IDP v3 Double Login

[McKean, Brandon Scott - mckeanbs]

Not the one I'm talking about. If it's a SAML 1 SP, and you're not pushing attributes, then yes, it will query for them. That's back channel, there's no user involved.

I'm talking about two explicit requests for authentication, front channel.

Thanks for the clarification. It would indeed be using SAML 1 since we're still working to push out SAML 2.

But are there two authentication requests or not?

I'm not entirely sure how to tell that. But if it's where you would see "InitializeAuthenticationContext" in the logs on such a request, then yes, there are 2 requests, behavior that I don't see in the log when I try another SP.

Thanks,

Brandon McKean

On Tue, 2015-08-04 at 16:54 +0000, Cantor, Scott wrote:

On 8/4/15, 12:44 PM, "users on behalf of McKean, Brandon Scott - mckeanbs" <users-bounces at shibboleth.net<mailto:users-bounces at shibboleth.net> on behalf of mckeanbs at jmu.edu<mailto:mckeanbs at jmu.edu>> wrote:



I think I understand what you mean here. From what I can tell from the logs, it goes through all the way through to "record response complete", and then it starts anew with another AttributeQuery. Am I understanding correctly that that portion is another request to it?



Not the one I'm talking about. If it's a SAML 1 SP, and you're not pushing attributes, then yes, it will query for them. That's back channel, there's no user involved.

I'm talking about two explicit requests for authentication, front channel.



Unfortunately there doesn't seem to be a difference between them at that portion.



But are there two authentication requests or not?

-- Scott


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150804/27fb10b7/attachment.html>