Hi All, I have digged down the flow for Radius token MFA.
It is referring to a class RadiusMultifactorProvider where canPing() method is called. Which further calls the RadiusServer.java where authenticate method(CasRadiusResponse) is called. This method is now validating username and password against the radius server. Due to this reason only I am getting null flow execution. Can someone suggest why this is happening as my authentication has already been successful via LDAP authentication handler. It should now go to radius token page for token check and validation. Hi Misagh, please suggest if my understanding is valid or not I just want the flow where authentication is done by LDAP and 2FA with Radius. Please help here Thanks and regards Vikash Chandra On Thu, Aug 24, 2023, 8:07 PM Vikash Chandra Ansh <vikasharnav0...@gmail.com> wrote: > Thanks, I'll check it out. > > On Thu, Aug 24, 2023, 8:00 PM Petr Bodnár <p.bod...@centrum.cz> wrote: > >> Hi Vikash, >> >> a) regarding the *NoClassDefFoundError* , can you please try to add the >> following dependency to your Gradle (or do you use Maven?) project >> configuration and see if its helps? >> >> https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.63 >> >> That's the library that should contain the missing *DERObjectIdentifier* >> class. According to the contents of >> https://github.com/apereo/cas/blob/v6.6.8/support/cas-server-support-radius-mfa/build.gradle, >> it seems this library is added to the project, but only *conditionally*, >> so maybe that's the reason this information doesn't seem to get projected >> to the final artifact, i.e. you won't find the bcprov library listed e.g. >> on >> https://mvnrepository.com/artifact/org.apereo.cas/cas-server-support-radius-mfa/6.6.10 >> . >> >> b) Regarding the bypasses, I have no clue. I can only recommend checking >> the logs (with possibly increasing log level to DEBUG) and diff the >> configuration files against the CAS overlay template... >> >> Petr >> >> On Tuesday, 22 August 2023 at 10:48:53 UTC+2 vikasha...@gmail.com wrote: >> >>> Hi All , >>> >>> One more.observation is that, I am getting authentication success and >>> few multifactor authentication bypass logs in server. However I haven't >>> added any bypass mechanism >>> >>> Please someone help here. >>> >>> Thanks & Regards >>> Vikash Chandra >>> >>> On Mon, Aug 21, 2023, 8:19 PM Vikash Chandra Ansh <vikasha...@gmail.com> >>> wrote: >>> >>>> Hi Peter and Ray, >>>> >>>> Thanks for your input. I have added the global trigger and set the >>>> value as mfa-radius. >>>> >>>> Now I am getting type mismatch error. >>>> >>>> Please find the logs below:- >>>> >>>> Ignoring the received exception >>>> (org.springframework.web.util.NestedServletException: >>>> Handler dispatch falled; nested exception is >>>> java.lang.NoClassDeffoundError: org/bouncycastle/asn1/DEROjectidentifier) >>>> due to type mismatch with handler [[ >>>> FlowHandlerMapping.DefaultFlowHandler@3b873134]]> >>>> >>>> 3823-03-31 13:40:47,365 ERROR >>>> [org.springframework.boot.web.servlet.support.ErrorPaegfilter] Forwarding >>>> to error page free request [/login) due to exception >>>> [org/bouncycastle/asn1/DERObjectIdentifier >>>> >>>> >>>> >>>> Thanks and regards >>>> Vikash >>>> >>>> On Fri, Aug 18, 2023, 12:21 PM Petr Bodnár <p.bo...@centrum.cz> wrote: >>>> >>>>> Vikash, >>>>> >>>>> as you haven't provided much details (e.g. what you actually see in >>>>> the CAS UI and in CAS logs), I can only guess that maybe, you just only >>>>> haven't *activated* the Radius MFA provider for example via the " >>>>> *cas.authn.mfa.triggers.global.global-provider-id*" property - see >>>>> https://apereo.github.io/cas/6.6.x/mfa/Configuring-Multifactor-Authentication-Triggers-Global.html >>>>> as one of the available MFA triggers. >>>>> >>>>> Petr >>>>> >>>>> On Thursday, 17 August 2023 at 20:57:38 UTC+2 vikasha...@gmail.com >>>>> wrote: >>>>> >>>>>> Thanks Ray >>>>>> >>>>>> My LDAP authentication is working fine . On top of it I want Radius >>>>>> as 2FA, where I am struggling. >>>>>> >>>>>> Anybody please help here >>>>>> >>>>>> Thanks and regards >>>>>> Vikash Chandra >>>>>> On Thu, Aug 17, 2023, 11:24 PM Ray Bon <rb...@uvic.ca> wrote: >>>>>> >>>>>>> Vikash, >>>>>>> >>>>>>> I have these ldap properties for cas authentication: >>>>>>> >>>>>>> cas.authn.ldap[0].type= >>>>>>> cas.authn.ldap[0].ldapUrl= >>>>>>> cas.authn.ldap[0].connectTimeout= >>>>>>> cas.authn.ldap[0].baseDn= >>>>>>> cas.authn.ldap[0].subtreeSearch= >>>>>>> cas.authn.ldap[0].searchFilter= >>>>>>> cas.authn.ldap[0].bindDn=cn= >>>>>>> cas.authn.ldap[0].bindCredential= >>>>>>> >>>>>>> I have not used Radius, so unfamiliar with it config. >>>>>>> https://apereo.github.io/cas/6.6.x/mfa/RADIUS-Authentication.html >>>>>>> >>>>>>> Ray >>>>>>> >>>>>>> On Thu, 2023-08-17 at 15:46 +0530, Vikash Chandra Ansh wrote: >>>>>>> >>>>>>> Notice: This message was sent from outside the University of >>>>>>> Victoria email system. Please be cautious with links and sensitive >>>>>>> information. >>>>>>> >>>>>>> Hi Ray, >>>>>>> >>>>>>> Could you please suggest what all properties need to be enabled to >>>>>>> use Radius as 2FA. My primary authentication will be LDAP >>>>>>> >>>>>>> Thanks and Regards >>>>>>> Vikash Chandra >>>>>>> >>>>>>> On Thu, Aug 10, 2023, 2:27 PM Vikash Chandra Ansh < >>>>>>> vikasha...@gmail.com> wrote: >>>>>>> >>>>>>> Hi Ray, >>>>>>> >>>>>>> We have NW change in place. There is UDP connectivity from my cas >>>>>>> server to radius server(unidirectional ) on port 1812 and 1813 . >>>>>>> >>>>>>> >>>>>>> On Wed, Aug 9, 2023, 10:29 PM Ray Bon <rb...@uvic.ca> wrote: >>>>>>> >>>>>>> Vikash, >>>>>>> >>>>>>> Is it possible there is a network issue? >>>>>>> >>>>>>> Ray >>>>>>> >>>>>>> On Tue, 2023-08-08 at 17:20 +0530, Vikash Chandra Ansh wrote: >>>>>>> >>>>>>> Notice: This message was sent from outside the University of >>>>>>> Victoria email system. Please be cautious with links and sensitive >>>>>>> information. >>>>>>> >>>>>>> Hi Everyone, >>>>>>> >>>>>>> We are trying to implement radius MFA in CAS. In our case our >>>>>>> primary authentication will be LDAP and then for MFA we need RSA. >>>>>>> >>>>>>> I have also added dependency as cas-server-support-radius-mfa. >>>>>>> >>>>>>> I have added the required properties like client.inet-address and >>>>>>> shared-secert. >>>>>>> But still I can not see any hit on the radius server. >>>>>>> Can anyone please help here. >>>>>>> >>>>>>> Cas version I am using is 6.6.8. >>>>>>> >>>>>>> Thanks and regards >>>>>>> Vikash Chandra >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> - Website: https://apereo.github.io/cas >>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "CAS Community" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email tocas-user+u...@apereo.org. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ebab25780f77a0697d2191e2fc4e466d00d59f56.camel%40uvic.ca >>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/ebab25780f77a0697d2191e2fc4e466d00d59f56.camel%40uvic.ca?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> - Website: https://apereo.github.io/cas >>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "CAS Community" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to cas-user+u...@apereo.org. >>>>>>> >>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/42932cfeeb2c1bfac9ca42c058f6017b46ab6196.camel%40uvic.ca >>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/42932cfeeb2c1bfac9ca42c058f6017b46ab6196.camel%40uvic.ca?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BdrvxgET%2BNu9N3Sot%2B7iTj5Z0rcs8sPt8ndNX5ETHkVrT1e9A%40mail.gmail.com.
