Applying MD driven and configured post-authentication flows
Ian Bobbitt
ibobbitt at globalnoc.iu.edu
Mon Nov 26 15:35:03 EST 2018
What's the best way to apply both metadata driven and IdP configured post-authentication flows?
In my case, I want to apply the expiring-password intercept to all SPs, and a few SPs need custom context check intercepts.
Adding an Attribute with Name http://shibboleth.net/ns/profiles/postAuthenticationFlows to the metadata for an SP seems
to replace all p:authenticationFlows configured on SAML2.SSO.MDDriven in the relying party config rather than merging
like I was hoping.
I control all of the metadata here, so I don't need to sanitize external input by indirect filtering on tags, unless
that ends up being easier.
-- Ian