Cantor, Scott cantor.2 at
Mon May 15 18:14:59 EDT 2017

> Simpler might be a necessary stepping stone on the way to complexer.  If
> you could tell me how you did it, I think that would be a great help.

Take what's there and use a script like this, which is much shorter.

        nextFlow = "authn/Duo";
        // Go to second factor if we have to.
        authCtx = input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext");
        mfaCtx =
        if (mfaCtx.isAcceptable()) {
            nextFlow = null;
        nextFlow;   // pass control to second factor or end with the first

In English, that's saying "Check to see if the current result is sufficient to meet the service's requirements. If so, stop. If not, run the Duo flow."

-- Scott

More information about the users mailing list