MCB with Duo and password as fallback
Wessel, Keith
kwessel at illinois.edu
Wed Aug 20 22:20:29 EDT 2014
You are correct, Scott. Initial contexts are used when the user doesn't yet have a session. So, that doesn't come into play for previous session handling. My point was simply that, in the case that a new user comes along, there seems to be a problem satisfying X if Y is allowed as an initial context but X isn't. Y gets satisfied, and the MCB runs with it.
Previous sessions are a different but somewhat similar situation. If the SP asks for X and Y and I already have a session with Y, the MCB again seems to run with it.
Keith
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Wednesday, August 20, 2014 9:16 PM
To: Shib Users
Subject: Re: MCB with Duo and password as fallback
On 8/20/14, 10:10 PM, "Wessel, Keith" <kwessel at illinois.edu> wrote:
>If both Duo and Password could be initial contexts, it'd work as Paul
>describes.
I think that's avoiding the question, because an initial method is (I
thought) only used when there's no session.
>I thought I tested this during acceptance testing and saw behavior like
>what Paul described. I can't get it to work that way now, though.
Dunno, it's definitely known behavior without the MCB.
-- Scott
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list