IDPv3 and Unicon Duo Plugins and RemoteUser Flow and AWS

Cantor, Scott cantor.2 at osu.edu
Mon Oct 12 12:55:41 EDT 2015


On 10/12/15, 12:51 PM, "users on behalf of Peter Schober" <users-bounces at shibboleth.net on behalf of peter.schober at univie.ac.at> wrote:

>* David Walker <dwalker at internet2.edu> [2015-10-12 18:48]:
>> You still need to have something in Shib, if you want to respond to
>> federated requests for MFA, to signal your SSO when it needs to do MFA.
>
>You can't do any of that signalling using REMOTE_USER integration.
>(Same with forcedAuthentication and isPassive.)

I think people have done it by sticking a filter inside that relays some of that over but still falls through into the regular servlet reading from REMOTE_USER, though for my own purposes, I would say that with V3 you're better off implementing your own JSP page to do the external handoff and read of the result.

-- Scott



More information about the users mailing list