make forceAuthn requests completely start over
davel at uchicago.edu
Sat Aug 1 10:36:42 EDT 2015
On Fri, Jul 31, 2015 at 6:50 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 7/31/15, 8:33 PM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
> << SNIP >>
> The question really becomes whether having the Duo flow run the Password
> flow in a black box way is appropriate for the usability result you want to
> get, since the UI of the Password flow obviously isn't meant to have
> anything else in it. But if we address the specific subject of this thread,
> the Duo flow could certainly achieve the result you wanted to get in the
> presence of ForceAuthn by invoking the Password flow itself.
> Calling a subflow inside a flow definition is also trivial:
> <subflow-state id="CallPasswordFlow" subflow="authn/Password">
> <input name="calledAsSubflow" value="true" />
> <transition on="proceed" to="next" />
> Lot of options because there are lot of directions one could go.
I went this route and added the following to the top of duo flow:
<subflow-state id="CallPasswordFlow" subflow="authn/Password">
<input name="calledAsSubflow" value="true"/>
<transition on="proceed" to="duo"/>
It seems, so far, to be doing exactly what I want.
Thanks for your help
Identity & Access Management Architect
The University of Chicago
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users