IDPv3 and Unicon Duo Plugins and RemoteUser Flow and AWS
Cantor, Scott
cantor.2 at osu.edu
Mon Oct 12 12:55:41 EDT 2015
On 10/12/15, 12:51 PM, "users on behalf of Peter Schober" <users-bounces at shibboleth.net on behalf of peter.schober at univie.ac.at> wrote:
>* David Walker <dwalker at internet2.edu> [2015-10-12 18:48]:
>> You still need to have something in Shib, if you want to respond to
>> federated requests for MFA, to signal your SSO when it needs to do MFA.
>
>You can't do any of that signalling using REMOTE_USER integration.
>(Same with forcedAuthentication and isPassive.)
I think people have done it by sticking a filter inside that relays some of that over but still falls through into the regular servlet reading from REMOTE_USER, though for my own purposes, I would say that with V3 you're better off implementing your own JSP page to do the external handoff and read of the result.
-- Scott
More information about the users
mailing list