MFA with specific authnContextClassRef

Cantor, Scott cantor.2 at
Wed Aug 8 18:37:22 EDT 2018

> Sorry if this is too much, tried to snip some of it

You have categories that shouldn't be turned on, making it much worse, but the only way to debug it is to get deep into Spring WebFlow when the Duo flow runs.

Duo isn't completing, but it's not failing either. You said it's challenging you, but if it were, it would be logged as a success or failure when it processes the result, so it's never doing that. I don't know how you could manage that, but it illustrates that the code is behaving correctly. It's like an attacker trying to bypass the final bit and the system guards against being fooled. If you ran that with a regular SP, it should be producing a result with the password context class in it even though you think it did both.

-- Scott

