Applying MD driven and configured post-authentication flows
ibobbitt at globalnoc.iu.edu
Mon Nov 26 15:35:03 EST 2018
What's the best way to apply both metadata driven and IdP configured post-authentication flows?
In my case, I want to apply the expiring-password intercept to all SPs, and a few SPs need custom context check intercepts.
Adding an Attribute with Name http://shibboleth.net/ns/profiles/postAuthenticationFlows to the metadata for a SP seems
to replace all p:authenticationFlows configured on SAML2.SSO.MDDriven in the relying party config rather than merging
like I was hoping.
I control all of the metadata here, so I don't need to sanitize external input by indirect filtering on tags, unless
that ends up being easier.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4090 bytes
Desc: S/MIME Cryptographic Signature
More information about the users