WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
Per Application - Multifactor Authentication Triggers
MFA can be triggered for a specific application registered inside the CAS service registry.
1
2
3
4
5
6
7
8
9
10
11
12
{
"@class" : "org.apereo.cas.services.CasRegisteredService",
"serviceId" : "^(https|imaps)://.*",
"id" : 100,
"name": "test",
"multifactorPolicy" : {
"@class" : "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
"multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [ "mfa-duo" ] ],
"bypassEnabled": false,
"forceExecution": true
}
}
The following fields are accepted by the policy definition
| Field | Description |
|---|---|
multifactorAuthenticationProviders |
Set of multifactor provider ids that should trigger for this application. |
script |
Path to a script, whether external or internal, to trigger multifactor authentication dynamically. |
bypassEnabled |
Whether multifactor authentication should be bypassed for this service. |
forceExecution |
Whether multifactor authentication should forcefully trigger, even if the existing authentication context can be satisfied without MFA. |