short-circuit SSO?

Cantor, Scott cantor.2 at
Tue Nov 20 10:25:17 EST 2012

For Russell (and Mike), I'll conclude this thread on users, but please
take any follow-up to dev.

I found what I suspect is the code that would have to be changed in the
AuthenticationEngine to alter the SSO behavior for something that's
relying on the PrevSession handler:

It's line 722:

authnMethodInfo = new AuthenticationMethodInformationImpl(
	idpSession.getSubject(), authenticationPrincipal,
	authenticationMethod, authnInstant,

The last parameter there would need to become dynamic instead of a
property of the login handler.

Alternatively, a custom login handler could simply return a dynamically
determined value for that property rather than a fixed one. Returning
something suitably short would effectively short-circuit SSO. Even zero
might work; I doubt it would break anything, but that could be tested.

Pursuant to discussion on how to adjust that code, I can make some tweaks
there; that's relatively clean code.

-- Scott
