Shibboleth Identity Provider 3.2.1 custom authentication configuration
Cantor, Scott
cantor.2 at osu.edu
Fri Jul 8 13:43:56 EDT 2016
> I'm hoping I can find some direction on a good approach to follow.
Yell at the SP? ;-)
I don't really think you could manage this now without a significant amount of custom code, essentially a new login flow.
> To do the database lookup, I was thinking of using a custom bean similar to
> the trim and lowercase beans already provided.
>
> There is a transform bean, shibboleth.authn.Password.Transforms, but that
> is for regular expressions. I need one of these to do a database lookup.
There's simply nothing like this out of the box.
I do think the MFA support in 3.3 actually will work for this use case. It's less about MFA and more about orchestrating multiple login flows together. And the database lookup is basically just resolving an attribute, so that's all accounted for. Doesn't help you, but it's a useful benchmark for me that this crazy use case happens to be trivial with what I just finished building.
-- Scott
More information about the users
mailing list