Can I access AuthnContextClassRef in a flow decision state?
Cantor, Scott
cantor.2 at osu.edu
Wed Jun 15 16:41:18 EDT 2016
On 6/15/16, 3:00 PM, "users on behalf of Jim Fox" <users-bounces at shibboleth.net on behalf of fox at washington.edu> wrote:
>I have an authn flow whose bean description specifies supportedPrincipals
>of PasswordProtectedTransport, Password, and unspecified.
FYI, the latter value will never trigger anything, I don't think.
>When a request
>arrives asking for AuthnContextClassRef=TimeSyncToken this flow still gets run.
That shouldn't happen. It should check for that and prevent it from running.
>Is there a way in the flow description decision states to access the
>request's AuthnContextClassRef? So I can pass on these requests.
It really depends on exactly what question you want it to answer. Brute forcing is possible I suppose, the data is stored below the AuthenticationContext, it's in a subcontext called RequestedPrincipalContext.
But as I say there'd have to be a bug for that to happen at all.
-- Scott
More information about the users
mailing list