Autumn flow: MFA and Password interoperability

Mak, Steve makst at
Fri Jul 12 11:29:50 EDT 2019

So I've converted everything to MFA flow and built a bypass in the checkSecondFactor script and set reuseCondition="false" on authn/MFA.

If I need to run some code block ONLY if the Duo flow was previously NOT run, how would I do that?

I've tried comparing authContext.getActiveResults().get('authn/MFA') with authContext.getAuthenticationResult() and authContext.getInitialAuthenticationResult(),

But none of that seems to work.

2019-07-12 10:15:00,266 - INFO [authn/MFA-checkSecondFactor:12] - Authentication result: null
2019-07-12 10:15:00,266 - INFO [authn/MFA-checkSecondFactor:15] - Previous authn/MFA results: AuthenticationResult{authenticationFlowId=authn/MFA, authenticatedPrincipal=blahblah, authenticationInstant=2019-07-12T10:14:52.314-04:00, lastActivityInstant=2019-07-12T10:14:52.314-04:00, previousResult=true}

And this is after I logged into a duo app, killed the SP shib_session cookie, and did a full SAML flow again.

- Steve Mak

More information about the users mailing list