Intercept flows called even when in SSO session

O'Dowd, Josh Josh.O'Dowd at
Fri Aug 14 17:23:10 EDT 2015

I just put a debug on the sub-flow to watch the authenticationContext.  One difference I noticed between initial session authn and the SSO reuse was the authenticationContext.getActiveResults() map was null or empty for the first pass, and not empty for the SSO reuse.  Not that it's better than your suggestion, just sharing the findings I got just before you responded.

We can roll with these and see how things go.


-----Original Message-----
From: users [mailto:users-bounces at] On Behalf Of Cantor, Scott
Sent: Friday, August 14, 2015 3:10 PM
To: Shib Users
Subject: Re: Intercept flows called even when in SSO session

On 8/14/15, 4:16 PM, "users on behalf of O'Dowd, Josh" <users-bounces at on behalf of Josh.O'Dowd at> wrote:
>Yes.  I am looking for something, at subflow entry time the tells me this is/is not SSO reuse.  I can play do some context dissecting with debugging, if I need to.  I was just hoping you knew of something easy to point me to.

I'm not sure it's foolproof in every bizarre configuration one could cook up, but generally, if authenticationContext.getAttemptedFlow() is null, that would mean SSO. The only exception to that would be some weird case where somebody's custom login flow did something unusual, but under any ordinary circumstances, reuse of a result would happen up front or not at all, and if it happens up front, that field never gets set.

-- Scott

To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list