Intercept flows called even when in SSO session
O'Dowd, Josh
Josh.O'Dowd at mso.umt.edu
Fri Aug 14 15:51:54 EDT 2015
It appears that our authn intercept sub-flow is being called even when the subject already has an SSO session, but is requesting a subsequent SP. This is raising an issue with our intercept which relies on elements within the authentication context which appear are going to be missing in this scenario, the LDAP response, for one.
I'm sure there are valid reasons why intercepts would need to be called when building an authentication response for an existing SSO session subject, but is there a clean way of bypassing this behavior, maybe a way with the intercept sub-flow, like a decision-state that we could use to just pass it through? I am wondering if there is something in the context tree that would tell us 'this user already has an SSO session and we're just building a response for the requestor'.
Thanks again for any time you can give.
Josh O'Dowd
Software Systems Analyst / Developer
University of Montana, IT Central
(406)243-6283
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150814/7531a8c6/attachment.html>
More information about the users
mailing list