Multi-factor authentication from Duo Security will be used to secure access to applications containing sensitive information or providing sensitive functionality.

CAS 5 provides a flexible framework for multi-factor authentication (MFA) that supports multiple multi-factor providers. MFA can be required on a per-service basis or across the board for all services. It can be required for individual named users, groups of users, or all users. Multiple MFA products/solutions can be supported in the same CAS server instance (and indeed, if desired, multiple MFA products/solutions can be required to access a single service).

The New School is currently in the early stages of rolling out Duo Security to all faculty and staff to access certain select applications. Duo offers several options for authenticating users:

  • a mobile push notification and one-button verification of identity to a smartphone (requires the free Duo Mobile app)
  • a one-time code generated on a smartphone
  • a one-time code generated by Duo and sent to a handset via SMS text messaging
  • a telephone call from that will prompt you to validate the login request

Add the Duo dependency to the project object model

To add Duo support to the CAS server, edit the file pom.xml in the cas-overlay-template directory on the master build server (casdev-master) and locate the dependencies section (around line 69), which should look something like this:

<dependencies>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-webapp${app.server}</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-json-service-registry</artifactId>
        <version>${cas.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
        <version>${cas.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-saml</artifactId>
        <version>${cas.version}</version>
    </dependency>
</dependencies>

Insert a new dependency for the Duo module:

<dependencies>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-webapp${app.server}</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-json-service-registry</artifactId>
        <version>${cas.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-ldap</artifactId>
        <version>${cas.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-saml</artifactId>
        <version>${cas.version}</version>
    </dependency>
    <dependency>
         <groupId>org.apereo.cas</groupId>
         <artifactId>cas-server-support-duo</artifactId>
         <version>${cas.version}</version>
    </dependency>
</dependencies>

This will instruct Maven to download the appropriate code modules and build them into the server.

Rebuild the server

Run Maven again to rebuild the server according to the new model:

casdev-master# ./mvnw clean package
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building cas-overlay 1.0
[INFO] ------------------------------------------------------------------------
(lots of diagnostic output... check for errors)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:02 min
[INFO] Finished at: YYYY-MM-DDTHH:MM:SS-00:00
[INFO] Final Memory: 30M/79M
[INFO] ------------------------------------------------------------------------
casdev-master#  

References