authentication flows per profile?
davel at uchicago.edu
Thu Aug 27 17:54:10 EDT 2015
Is there a way in v3 to separate authentication handling on a profile basis? For the browser-based flows, we have things working (aside from IDP-800) pretty well. Unfortunately, it seems that the way we've wired up Duo into our setup means that users who have elected to force Duo (which doesn't support non-browser at the moment) can't login using ECP. The IdP in this case sends the SP a SAML error saying authentication failed. What I'd like to do is wire things up such that if the request is via ECP then none of the initial authn/attribute-resolution/Duo flow selection stuff fires & instead the IdP just does a straight username/password & moves on. Is this possible & any hints of where to begin?
Identity & Access Management Architect
The University of Chicago
More information about the users