fail authentication when attribute is not available?
Cantor, Scott
cantor.2 at osu.edu
Wed Nov 16 11:14:01 EST 2016
On 11/16/16, 11:03 AM, "users on behalf of Peter Schober" <users-bounces at shibboleth.net on behalf of peter.schober at univie.ac.at> wrote:
> Attribute resolving literally happens too late to fail authn (whatever
> method you're using for authn), but you could still abort the flow if
> some attribute are missing, which is essentially what you're after, I
> think.
As long as you're ok with a later request resulting in successful authentication to a different service if the interceptor isn't applied to that request or allows it.
Failing authentication and failing specific requests are different and you have to be aware of what you want.
Failing authentication itself requires custom development or more likely would be handled with the MFA flow in 3.3.
-- Scott
More information about the users
mailing list