Best practice MFA IdP3.3.1
Cantor, Scott
cantor.2 at osu.edu
Mon Sep 11 18:45:16 EDT 2017
On 9/11/17, 6:02 PM, "users on behalf of O'Dowd, Josh" <users-bounces at shibboleth.net on behalf of Josh.O'Dowd at mso.umt.edu> wrote:
> Trying to follow... Will the interceptor run(as a postAuthenticationFlow) regardless of an existing Authn result(SSO session)?
They always run, you decide what they do.
> If yes, I should do the prompting and attribute resolve prep from the interceptor instead of from MFA.
They run after attributes are resolved. You shouldn't conditionally resolve anything, do it all and then just decide what gets released.
-- Scott
More information about the users
mailing list