Where to hook in switching of user identity
Christopher Bongaarts
cab at umn.edu
Thu Jun 23 14:48:24 EDT 2016
On 6/23/2016 1:32 PM, Cantor, Scott wrote:
>> Thanks, this is something I can probably do. Is there a particular spot
>> >in the stock (LDAP) password login flow that would be a good place to
>> >switch out the user? Perhaps in authn-flow, inserting an Action between
>> >the calls to the auth subflow and the c14n subflow?
> That's an option. Modifying the individual login flows is what I was thinking, but if you wanted to do it in the master flow that's probably possible.
So just tacking the user-switching action on the end of (the copy of)
the (LDAP?) password flow?
I already have to modify a flow to collect the additional fields.
> Bear in mind that in 3.3 the convention is that the login flows actually do the c14n step, so I'm still shifting things around. When you mess with the authn flow itself, that's a system detail that we're free to change. Creating your own login flow OTOH is more likely to be stable long term.
Wherever makes the most sense. Definitely prefer to avoid "voiding the
warranty" and making upgrades harder by messing with system/ stuff.
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160623/9adc91a1/attachment.html>
More information about the users
mailing list