LDAP password authn flow interception

O'Dowd, Josh Josh.O'Dowd at mso.umt.edu
Wed Jul 29 18:05:39 EDT 2015


Thanks Scott,

> You can always just implement it as a plain intercept flow post-authentication.

So, reading the thread you answered at:
http://shibboleth.1660669.n2.nabble.com/Idp3-0-Login-Intercept-td7611565.html

... is that what you are referring to, and, by chance, have you busy fellas had a chance to document that yet, somewhere? If not, any quick pointers would be much appreciated.

Thanks.
-Josh


-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Wednesday, July 29, 2015 3:47 PM
To: Shib Users
Subject: Re: LDAP password authn flow interception

On 7/29/15, 5:27 PM, "users on behalf of O'Dowd, Josh" <users-bounces at shibboleth.net on behalf of Josh.O'Dowd at mso.umt.edu> wrote:



>Is it possible to interrupt the Password-authn-flow after a successful authn?  I am having the LDAP return an attribute, ‘securityQuestion’ from the authn bind using the idp.authn.LDAP.returnAttributes property because I need to verify that this attribute has been set in the directory before allowing authn completion to continue.

You can always just implement it as a plain intercept flow post-authentication.

> 
>My original idea was to use the classifiedMessageMap for an event to trigger the conditions-flow, but it looks like that is constrained to LDAP error codes only.  Is there a success key that I could use?

The LDAP response object is org.ldaptive.auth.AuthenticationResponse. If getAccountState() is non-null, any error condition in the account state is mapped as a warning (meaning it doesn't fail the login, but it can trigger an event).

Outside of that, no.

-- Scott
