MFA authn flow - matching against multiple contexts?
Jim Fox
fox at washington.edu
Tue Dec 5 18:45:47 EST 2017
> It looks like this was way easier than I was making it. This seems to work
> var logger = Java.type("org.slf4j.LoggerFactory").getLogger("net.shibboleth.idp.script.MFAflow");
> nextFlow = 'authn/remoteusertoken';
>
> authCtx = input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext");
> mfaCtx = authCtx.getSubcontext("net.shibboleth.idp.authn.context.MultiFactorAuthenticationContext");
>
> if (mfaCtx.isAcceptable()) {
> nextFlow = null;
> }
>
> nextFlow;
>
The reason I was wary of isAcceptable() is that we have SPs that ask for
Password but really want 2-factor. The MFA flow deals with that, but I
think the isAcceptable() wouldn't know anything about it.
Jim
More information about the users
mailing list