Intercept flows called even when in SSO session

Cantor, Scott cantor.2 at
Fri Aug 14 17:30:34 EDT 2015

On 8/14/15, 5:23 PM, "users on behalf of O'Dowd, Josh" <users-bounces at on behalf of Josh.O'Dowd at> wrote:

>I just put a debug on the sub-flow to watch the authenticationContext.  One difference I noticed between initial session authn and the SSO reuse was the authenticationContext.getActiveResults() map was null or empty for the first pass, and not empty for the SSO reuse.  Not that it's better than your suggestion, just sharing the findings I got just before you responded.

If you have only one login flow, then pretty much by definition you could count on that since obviously you can't get SSO with no active results, but once you have more than one, that's not true since you could have a password active but a request for MFA come in, in which case the AttemptedFlow will be set to MFA when that gets done.

What I would suggest is you file a RFE to have something explicit added if this is useful information. It's not hard to add something, and that's always better than guessing. But for now I think mine will give you a more reliable answer.

-- Scott

More information about the users mailing list