MFA trust device enabled and login directly to https://<hostname>/cas get unauthorized service error - fix in alternative way

leeyc0

I understand my PR breaks security, but I still wish to fix this problem in an alternative way. Logging in to https://<hostname>/cas directly is important in testing, which is impossible if MFA trust device is enabled.

The problem is in support/cas-server-support-trusted-mfa-core/src/main/java/org/apereo/cas/trusted/authentication/DefaultMultifactorAuthenticationTrustedDeviceBypassEvaluator.java, which receives a null registeredService, therefore causing an exception in registeredServiceAccessStrategyEnforcer.execute(audit).

To work around the problem, I'd like to ask: is it possible to create a dummy RegisteredService, so that registeredServiceAccessStrategyEnforcer.execute would not fail? Any security concerns?

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/c7c6167c-7f03-41ae-9af6-87f22a871efc%40apereo.org.