No-op Authn Result Serializer?
cantor.2 at osu.edu
Wed May 10 17:41:55 EDT 2017
On 5/10/17, 5:25 PM, "users on behalf of Klingenstein, Nate" <users-bounces at shibboleth.net on behalf of nklingenstein at calstate.edu> wrote:
> I’d like the MFA script to not serialize authentication results, instead relying on completed constituent authentication results for
> SSO, allowing us to pass through the entire logical process each time the user is passed into the MFA handler.
That can't work because the consituent results will be gone if you don't serialize the MFA result, so it's either/or. There's no other place for them to go because at the very end there's always one result from each individual run of the authentication process. The only time you get more than one juggled into the session is if you have >1 top level login flow activated and running. MFA is that top level flow.
> I can kludge the behavior I want by forcing a 1 second lifetime for the MFA flow results.
If the workaround ScottK and I identified doesn't work involving the ordering of the context classes in the request, you need a feature that just isn't in 3.3, I added complete SSO control to trunk to stop hassling with all of it but it's a 3.4 addition.
More information about the users