more mfa scripting logic

Jim Fox fox at washington.edu
Mon Feb 5 15:39:18 EST 2018


The rpid is a string. The simplest is something like:

   if (rpid.indexOf(".pima.edu/applicationNavigator/j_spring_cas_security_check") > 0) {
     // etc.
   }

Jim


On Mon, 5 Feb 2018, Mathis, Bradley wrote:

> Date: Mon, 5 Feb 2018 10:57:49
> From: "Mathis, Bradley" <bmathis at pima.edu>
> To: Shib Users <users at shibboleth.net>
> Reply-To: Shib Users <users at shibboleth.net>
> Subject: more mfa scripting logic
> 
> Howdy all,
> 
> I'm successfully using mfa logic to send specific users to Duo Authentication, thanks to the samples/documentation/wiki and postings from users
> here on users at shibboleth.net.
> I'm now adding another piece of mfa logic to the mfa-authn-config.xml checksecondfactore inline script.
> 
> Prior to checking for specific user attributes, I'm now first checking the RelyingPartyId to see if Duo is needed. I'm able to do this
> successfully after stealing some example logic that Andrew Morgan posted. Thanks, Andrew!
> 
> 
> This is an excerpt from my mfa-authn-config.xml
> 
>             rpid = profileContext.getSubcontext("net.shibboleth.idp.profile.context.RelyingPartyContext").getRelyingPartyId();
>             if (rpid.equals("https://banner-temp.pima.edu/applicationNavigator/j_spring_cas_security_check")) {
>                 nextFlow = "authn/Duo";
>             }
> 
> 
> The above works if I add an if statement for every RelyingPartyId separately.  I was hoping I might be able to use a regular expression and do a
> pattern match or something like that (my terminology is probably wrong). I'm not a programmer.
> 
> 
> e.g.  
> 
> Let's say I have multiple RelyingPartyIds like this
> 
> https://banner-temp.pima.edu/applicationNavigator/j_spring_cas_security_check
> https://banner-dev.pima.edu/applicationNavigator/j_spring_cas_security_check
> https://banner-test.pima.edu/applicationNavigator/j_spring_cas_security_check
> https://banner-prod.pima.edu/applicationNavigator/j_spring_cas_security_check
> 
> Rather than creating an if statement for each one, I would like to do a pattern match up against something like this:
> 
> (https:\/\/.+(pima.edu\/applicationNavigator\/j_spring_cas_security_check)\/?.*)
> 
> 
> and if it's true then set the nextFlow = "authn/Duo"
> 
> 
> Anyone have a sample I can hack at?  If not, no worries. I'm very happy with my success so far and can probably live with adding each one
> separately. 
> 
> 
> Thanks!
> 
> 
> 
> 
> Brad Mathis
> Principal Systems Analyst
> Pima Community College
> IT - Technical Services
> 520.206.4826
> bmathis at pima.edu
>
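
An anchored-regex version of the relying-party check discussed in this thread, as an added example that is not part of either message. The helper name `requiresDuo`, the restriction to `banner-` hosts and the constructed lookalike values are assumptions; the substring test from the reply is reproduced only for comparison.

```javascript
// Added example (not from the thread). ES5 syntax so it can sit in an inline script.
// Assumption: only hosts of the form banner-<env>.pima.edu should trigger Duo.
var DUO_RPID_PATTERN =
    /^https:\/\/banner-[a-z0-9-]+\.pima\.edu\/applicationNavigator\/j_spring_cas_security_check$/;

// Hypothetical helper: true only when the whole relying party id matches the pattern.
function requiresDuo(rpid) {
    if (rpid === null || rpid === undefined) {
        return false; // nothing to match; leave the decision to the later checks
    }
    // String() so a Java string handed over by the IdP is tested as a script string
    return DUO_RPID_PATTERN.test(String(rpid));
}

// The substring test from the reply, kept for comparison.
function substringMatch(rpid) {
    return rpid.indexOf(".pima.edu/applicationNavigator/j_spring_cas_security_check") > 0;
}

// The four ids listed in the question.
var listed = [
    "https://banner-temp.pima.edu/applicationNavigator/j_spring_cas_security_check",
    "https://banner-dev.pima.edu/applicationNavigator/j_spring_cas_security_check",
    "https://banner-test.pima.edu/applicationNavigator/j_spring_cas_security_check",
    "https://banner-prod.pima.edu/applicationNavigator/j_spring_cas_security_check"
];

// Constructed values that only resemble the listed ids.
var lookalikes = [
    "https://sp.example.org/cb?x=.pima.edu/applicationNavigator/j_spring_cas_security_check",
    "https://banner-dev.pima.edu/applicationNavigator/j_spring_cas_security_check/other",
    "http://banner-dev.pima.edu/applicationNavigator/j_spring_cas_security_check"
];

// Side-by-side result of both tests for every sample id.
function report() {
    return listed.concat(lookalikes).map(function (id) {
        return { rpid: id, anchored: requiresDuo(id), substring: substringMatch(id) };
    });
}

// In the inline script the call would be:
//   if (requiresDuo(rpid)) { nextFlow = "authn/Duo"; }
```

Here an over-broad match only sends extra relying parties to Duo, so the looser test errs toward MFA. The anchored form matters more if the same pattern is ever reused to decide which relying parties may skip a factor.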

