X509 authentication in MFA
Nate Klingenstein
ndk at signet.id
Tue Dec 4 11:48:08 EST 2018
Noriyuki,
> In short, the result of x509 Authentication determines whether or not the flow can proceed to next.
This should be fairly straightforward to put together. You would want to perform the X.509 check passively and then reselect the flow if there is no valid certificate presented.
https://wiki.shibboleth.net/confluence/display/IDP30/X509AuthnConfiguration
"The shibboleth.authn.X509.ClassifiedMessageMap bean is a map of error messages to classified error conditions that isn't generally used with this handler because it usually won't return with any contextual details, but there is a default mapping supplied that signals fall-through to other login flows if no certificate is found or the certificate fails optional validation. This is done by remapping those specific error events into a "ReselectFlow" event."
Take care,
Nate.