Hello, i am trying to get CAS running with mfa.
I configured mfa-simple, mfa-yubikey and mfa-u2f. mfa-simple is working as expected, the other two do not. Trying mfs-yubikey: after entering username and password it asks me for a token and a device name. If I enter a OPT in the token field If I enter a OTP in the token field the message is " Unable to register your YubiKey device for authentication. Provided token may be invalid, expired or otherwise compromised." and the logs: 2023-09-20 12:39:00,999 DEBUG [org.apereo.cas.adaptors.yubikey.YubiKeyMultifactorAuthenticationProvider] - <Pinging YubiKey API endpoint at [https://api.yubico.com/wsapi/2.0/verify]> 2023-09-20 12:39:01,100 DEBUG [org.apereo.cas.util.http.SimpleHttpClient] - <Response code received from server matched [200].> 2023-09-20 12:39:01,100 DEBUG [org.apereo.cas.adaptors.yubikey.YubiKeyMultifactorAuthenticationProvider] - <Received YubiKey ping response [h=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= t=2023-09-20T10:39:01Z0089 status=MISSING_PARAMETER ... 2023-09-20 12:42:18,467 ERROR [org.apereo.cas.adaptors.yubikey.DefaultYubiKeyAccountValidator] - <The OTP is too short to be valid> or 2023-09-20 12:41:11,292 ERROR [org.apereo.cas.adaptors.yubikey.DefaultYubiKeyAccountValidator] - <The OTP is not a valid format> Then I tried Yubikey U2F: after entering username and password there comes a page with " Please touch the flashing U2F device now." I would expect a popup for the fido pin, but nothing happens. The device (5C NFC) is connected via USB, but it is not flashing and touching has no effect. It is all on Windows 11 with Firefox 117, Chrome 117. What am I missing? Any ideas or hints? Regards, Hartmut -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bdd65724-6ca2-494a-92e1-5a3f8d493d14n%40apereo.org.
