===== CAS 7 MFA =====

==== reference ====

  * https://fawnoos.com/2023/07/29/cas70x-simple-mfa-provider/
  * https://apereo.github.io/cas/7.3.x/mfa/Simple-Multifactor-Authentication.html
  * https://apereo.github.io/cas/7.2.x/mfa/Simple-Multifactor-Authentication.html


==== dependencies ====

<code>
[root@cas cas-overlay-template]# vim build.gradle

    implementation "org.apereo.cas:cas-server-support-simple-mfa:${project.'cas.version'}"
</code>

==== parametrage MFA cas.properties ====

<code>
[root@cas cas-overlay-template]# vim etc/cas/config/cas.properties
#configure the global MFA trigger to always use this provider:
cas.authn.mfa.triggers.global.global-provider-id=mfa-simple
#simple mfa via mail
spring.mail.host=smtp.domain.fr
spring.mail.port=25
spring.mail.testConnection=true

# Where CAS finds the user's email address
cas.authn.mfa.simple.mail.attribute-name=mail

#Sender and content
cas.authn.mfa.simple.mail.from=adminmfa@domain.eu
cas.authn.mfa.simple.mail.subject=CAS MFA Token
cas.authn.mfa.simple.mail.text=Hello! Your requested CAS token is ${token}


## Since in 7.x the settings moved to a token core namespace, use:
#cas.authn.mfa.simple.time-to-kill-in-seconds=300
#cas.authn.mfa.simple.token.time-to-live-in-seconds=300
cas.authn.mfa.simple.token.core.time-to-kill-in-seconds=300
cas.authn.mfa.simple.token.core.token-length=6

#Give the provider a name and order (optional but useful):
cas.authn.mfa.simple.name=Email MFA
cas.authn.mfa.simple.order=0
</code>


==== Log debug ====

<code>
[root@cas cas-overlay-template]# vim /opt/cas-src/cas-overlay-template/src/main/resources/application.yml
# Application properties that need to be
# embedded within the web application can be included here

logging:
  level:
    org.apereo.cas.authentication.mfa: DEBUG
</code>


==== rebuild ====

enchainement de commande depuis [root@cas cas-overlay-template]#

<code>
 539  systemctl stop tomcat 
  540  ./gradlew clean copyCasConfiguration build --no-daemon
  541  cp /opt/cas-src/cas-overlay-template/build/libs/cas.war /opt/tomcat/webapps/cas.war
  542  systemctl start tomcat.service 
  543  tail -f /opt/tomcat/logs/catalina.out 
  </code>