Enable External Authentication Flow

Cantor, Scott cantor.2 at osu.edu
Tue May 3 10:39:44 EDT 2016

> What i thought it would happen was if add External to idp.authn.flows in
> idp.properties, another link would be added to the login form.


> Instead, the user is automatically redirected to the external URL.
> Is this expected or am I missing something?

Yes, it's expected.

> My current config is : idp.authn.flows=X509|Password and the login form has
> 2 links for each authentication flow.

X.509 is a special case because it has opt-in logic that prevents it from running automatically unless you want it to, because of its brokenness with IE. I don't recall there being any sort of link on the Password page for it unless you put it there, possibly because the documentation illustrates doing that.

Enabling flows has nothing to do with the UI, it's how the system determines what the possible flows to run are. When they run, they run. If External is first, then it will be attempted if it's compatible with the request.

If you want to trigger things from the Password page then you need to read the documentation on "extended flows", a feature of the Password mechanism for branching to other methods.

Mostly, you probably need to think about the sum total of what you want to build, and design your own flow to do it. The system is really not capable of magically accomodating all the crazy things people want to do without tying itself into knots. Simple things are meant to be simple, but these aren't simple use cases.

-- Scott

More information about the users mailing list