Interesting. The Duo Universal Prompt Update Guide < https://duo.com/docs/universal-prompt-update-guide> identifies "CAS (Central Authentication Service)" as a traditional Duo prompt application with type "cas", and their Duo for Central Authentication Server (CAS) < https://duo.com/docs/cas> directs you to select Applications > Protect an Application > CAS (Central Authentication Service), which gives your that application type (as opposed to Web SDK). So it seems there is an inconsistency between what CAS wants and what Duo recommends. AFAICT, the CAS Duo Security Authentication documentation < https://apereo.github.io/cas/development/mfa/DuoSecurity-Authentication.html> does not explicitly advise the WebSDK should be used, only that support for MFA "based on the Duo's Web SDK and the embedded iFrame is deprecated" and you are encouraged to switch to the Universal Prompt. The only thing I find there for triggering the Universal prompt is the non-use of cas.authn.mfa.duo[0].duo-application-key.
I also see a discussion about Duo account status on that page, but nothing about enabling or disabling it. It also suggests that the state of user account status via the Duo API is ambiguous. ¯\_(ツ)_/¯ On Thu, Sep 7, 2023 at 3:49 AM CAS Community <cas-user@apereo.org> wrote: > > I believe we also have the Duo side of things properly configured for > their Universal Prompt with the Duo Application being used by this CAS set > to use type "CAS (Central Authentication Service)". > > > > That is not strictly correct. You either need to switch the type to > WebSDK, IIRC, or you need to turn off "account status checking" in the CAS > configuration. > > -- > - Website: https://apereo.github.io/cas > <https://urldefense.com/v3/__https://apereo.github.io/cas__;!!PvDODwlR4mBZyAb0!X0l0yGK2AFWWIt4QG7GLCI_PMp3NjvU_VgVbXlm-EeZq46yTEz04tcz_CnaEjDrMqyC-VdyerJWiA2PD$> > - Gitter Chatroom: https://gitter.im/apereo/cas > <https://urldefense.com/v3/__https://gitter.im/apereo/cas__;!!PvDODwlR4mBZyAb0!X0l0yGK2AFWWIt4QG7GLCI_PMp3NjvU_VgVbXlm-EeZq46yTEz04tcz_CnaEjDrMqyC-VdyerOc118OH$> > - List Guidelines: https://goo.gl/1VRrw7 > <https://urldefense.com/v3/__https://goo.gl/1VRrw7__;!!PvDODwlR4mBZyAb0!X0l0yGK2AFWWIt4QG7GLCI_PMp3NjvU_VgVbXlm-EeZq46yTEz04tcz_CnaEjDrMqyC-VdyerJwQA7qh$> > - Contributions: https://goo.gl/mh7qDG > <https://urldefense.com/v3/__https://goo.gl/mh7qDG__;!!PvDODwlR4mBZyAb0!X0l0yGK2AFWWIt4QG7GLCI_PMp3NjvU_VgVbXlm-EeZq46yTEz04tcz_CnaEjDrMqyC-VdyerHKg9D5J$> > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/de297d27-5a6e-4f0b-afde-e3f656e43f94n%40apereo.org > <https://urldefense.com/v3/__https://groups.google.com/a/apereo.org/d/msgid/cas-user/de297d27-5a6e-4f0b-afde-e3f656e43f94n*40apereo.org?utm_medium=email&utm_source=footer__;JQ!!PvDODwlR4mBZyAb0!X0l0yGK2AFWWIt4QG7GLCI_PMp3NjvU_VgVbXlm-EeZq46yTEz04tcz_CnaEjDrMqyC-VdyerBlZwx0Z$> > . > -- Baron Fujimoto <ba...@hawaii.edu> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL28-7s5BTuKRxNKBfPKoUojmUJhn2OT6USe6tHGeeRctg%40mail.gmail.com.
