more mfa scripting logic
Mathis, Bradley
bmathis at pima.edu
Mon Feb 5 15:50:42 EST 2018
Thanks Jim, that might be what I'm looking for I'll try it out.
Brad Mathis
Principal Systems Analyst
Pima Community College
IT - Technical Services
520.206.4826
bmathis at pima.edu
On Mon, Feb 5, 2018 at 1:39 PM, Jim Fox <fox at washington.edu> wrote:
>
> The rpid is a string. Most simple is something like:
>
> if (rpid.indexOf(".pima.edu/applicationNavigator/j_spring_cas_
> security_check")>0) {
> etc.
> }
>
> Jim
>
>
> On Mon, 5 Feb 2018, Mathis, Bradley wrote:
>
> Date: Mon, 5 Feb 2018 10:57:49
>> From: "Mathis, Bradley" <bmathis at pima.edu>
>> To: Shib Users <users at shibboleth.net>
>> Reply-To: Shib Users <users at shibboleth.net>
>> Subject: more mfa scripting logic
>>
>> Howdy all,
>>
>> I'm successfully using mfa logic to send specific users to Duo
>> Authentication, thanks to the samples/documentation/wiki and postings from
>> users
>> here on users at shibboleth.net
>> I'm now adding another piece of mfa logic to the mfa-authn-config.xml
>> checksecondfactore inline script.
>>
>> Prior to checking for specific user attributes I'm now first checking the
>> RelyingPartyId to see if Duo is needed. I'm able to do this
>> successfully after stealing some example logic that Andrew Morgan posted
>> ..Thanks Andrew!
>>
>>
>> This is an excerpt from my mfa-authn-config.xml
>>
>> rpid = profileContext.getSubcontext("
>> net.shibboleth.idp.profile.context.RelyingPartyContext").get
>> RelyingPartyId();
>> if (rpid.equals("https://banner-t
>> emp.pima.edu/applicationNavigator/j_spring_cas_security_check")) {
>> nextFlow = "authn/Duo";
>> }
>>
>>
>> The above works if I add an if statement for every RelyingPartyId
>> separately. I was hoping I might be able to use a regular expression and
>> do a
>> pattern match or something like that (my terminology is probably wrong).
>> I'm not a programmer.
>>
>>
>> e.g.
>>
>> Let's say I have multiple RelyingPartyIds like this
>>
>> https://banner-temp.pima.edu/applicationNavigator/j_spring_c
>> as_security_check
>> https://banner-dev.pima.edu/applicationNavigator/j_spring_ca
>> s_security_check
>> https://banner-test.pima.edu/applicationNavigator/j_spring_c
>> as_security_check
>> https://banner-prod.pima.edu/applicationNavigator/j_spring_c
>> as_security_check
>> rather than creating an if statement for each one I would like to do a
>> pattern match up against something like this
>>
>> (https:\/\/.+(pima.edu\/applicationNavigator\/j_spring_cas_
>> security_check)\/?.*)
>>
>>
>> and if it's true then set the nextFlow = "authn/Duo"
>>
>>
>> Anyone one have a sample I can hack at? If not no worries I'm very happy
>> with my success so far and can probably live with adding each one
>> separately.
>>
>>
>> Thanks!
>>
>>
>>
>>
>> Brad Mathis
>> Principal Systems Analyst
>> Pima Community College
>> IT - Technical Services
>> 520.206.4826
>> bmathis at pima.edu
>>
>> [uc?id=0B4QEFWYNTFJATTZySzROc0JISEk&export=download]
>>
>>
>>
>>
>>
>>
>>
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/
> confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180205/b3d2a4c3/attachment.html>
More information about the users
mailing list