We have multiple instances of Duo defined with distinct IDs:

E.g.:

cas.authn.mfa.duo[0].id=mfa-duo
cas.authn.mfa.duo[0].rank=0
cas.authn.mfa.duo[1].id=mfa-duo-alt
cas.authn.mfa.duo[1].rank=1

Prior to enabling multiple instances, we just relied on this global
property to provide the default ID.

cas.authn.mfa.global-provider-id=mfa-duo

I'm pretty sure we've empirically determined that setting instance duo[n].id
properties as well as global-provider-id is incompatible and results in
unreliable behaviour in terms of what actually gets invoked during
authentication. Can someone confirm this? Unfortunately, I can't find CAS
documentation for global-provider-id – search doesn't turn up
anything useful, nor do I find it on the page documenting "Multifactor
Authentication"[*]

We're currently configuring the Duo ID to use in each service registration
with
"multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [ "mfa-duo" ] ],
or
"multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [ "mfa-duo-alt" ] ],

Does the duo.rank property do anything here if we're explicitly only
specifying one or the other duo.id?

[*] <https://apereo.github.io/cas/7.0.x/mfa/Configuring-Multifactor-Authentication.html>

-- 
Baron Fujimoto <ba...@hawaii.edu> ::: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum descendus pantorum
