more mfa scripting logic

Mathis, Bradley bmathis at pima.edu
Mon Feb 5 13:57:49 EST 2018 

Howdy all,

I'm successfully using mfa logic to send specific users to Duo
Authentication, thanks to the samples/documentation/wiki and postings from
users here on users at shibboleth.net
I'm now adding another piece of mfa logic to the mfa-authn-config.xml
checksecondfactore inline script.

Prior to checking for specific user attributes I'm now first checking the
RelyingPartyId to see if   Duo is needed.   I'm able to do this
successfully after stealing some example logic that Andrew Morgan posted
..Thanks Andrew!


This is an excerpt from my mfa-authn-config.xml

               rpid =
profileContext.getSubcontext("net.shibboleth.idp.profile.context.RelyingPartyContext").getRelyingPartyId();
            if (rpid.equals("
https://banner-temp.pima.edu/applicationNavigator/j_spring_cas_security_check"))
{
                nextFlow = "authn/Duo";
            }


The above works if I add an if statement for every RelyingPartyId
separately.  I was hoping I might be able to use a regular expression and
do a pattern match or something like that (my terminology is probably
wrong). I'm not a programmer.


e.g.

Let's say I have multiple RelyingPartyIds like this

https://banner-temp.pima.edu/applicationNavigator/j_spring_cas_security_check
https://banner-dev.pima.edu/applicationNavigator/j_spring_cas_security_check
https://banner-test.pima.edu/applicationNavigator/j_spring_cas_security_check
https://banner-prod.pima.edu/applicationNavigator/j_spring_cas_security_check
rather than creating an if statement for each one I would like to do a
pattern match up against something like this

(https:\/\/.+(pima.edu
\/applicationNavigator\/j_spring_cas_security_check)\/?.*)


and if it's true then set the nextFlow = "authn/Duo"


Anyone one have a sample I can hack at?  If not no worries I'm very happy
with my success so far and can probably live with adding each one
separately.


Thanks!




Brad Mathis
Principal Systems Analyst
Pima Community College
IT - Technical Services
520.206.4826
bmathis at pima.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180205/fed907c6/attachment.html>

More information about the users mailing list