short-circuit SSO?
Cantor, Scott
cantor.2 at osu.edu
Tue Nov 20 10:25:17 EST 2012
For Russell (and Mike), I'll conclude this thread on users, but please
take any follow up to dev.
I found what I suspect is the code that would have to be changed in the
AuthenticationEngine to alter the SSO behavior for something that's
relying on the PrevSession handler:
It's line 722:
authnMethodInfo = new AuthenticationMethodInformationImpl(
idpSession.getSubject(), authenticationPrincipal,
authenticationMethod, authnInstant,
loginHandler.getAuthenticationDuration());
The last parameter there would need to become dynamic instead of a
property of the login handler.
Alternatively a custom login handler could simply return a dynamically
determined value for that property rather than a fixed one. Returning
something suitably short would effectively shortcircuit SSO. Even zero
might work, I doubt it would break anything but that could be tested.
Pursuant to discussion on how to adjust that code, I can make some tweaks
there, that's relatively clean code.
-- Scott
More information about the users
mailing list