Use group for MFA
Andrew Morgan
morgan at orst.edu
Thu May 11 18:41:41 EDT 2017
On Thu, 11 May 2017, Cantor, Scott wrote:
>> The recommended hooks are mostly the example that's checked into
>> trunk/master now, and I believe is also in the wiki, which has a fix or two
>> from what was shipped last time. It definitely shows the correct way to get
>> the username for the attribute lookup, and what you quoted does not.
>
> Specifically the wiki example labeled "Conditional use of two factors,
> Flow1 and Flow2".
>
> The only thing it doesn't show at the moment is it populating the
> attribute "recipient" name which some people want to use in their
> resolver scripts but most don't need it.
What are you talking about here regarding "recipient"? I don't see that
word in the wiki example...
>
> The only "trick" is the aforementioned username. That is a hard problem,
> and the example uses the lookup function that is used by default in the
> Duo flow to obtain the ID so that it's consistent and reliable.
I switched my code to use the example username lookup from the wiki. It
works great.
Thanks,
Andy
More information about the users
mailing list