authentication flows per profile?

David Langenberg davel at
Thu Aug 27 17:54:10 EDT 2015

Is there a way in v3 to separate authentication handling on a profile basis?  For the browser-based flows, we have things working (aside from IDP-800) pretty well.  Unfortunately, it seems that the way we've wired up Duo into our setup means that users who have elected to force Duo (which doesn't support non-browser at the moment) can't login using ECP.  The IdP in this case sends the SP a SAML error saying authentication failed.  What I'd like to do is wire things up such that if the request is via ECP then none of the initial authn/attribute-resolution/Duo flow selection stuff fires & instead the IdP just does a straight username/password & moves on.  Is this possible & any hints of where to begin?


David Langenberg
Identity & Access Management Architect
The University of Chicago

More information about the users mailing list