authentication flow confusion
Richard Levenberg
richardl at ufp.com
Fri May 10 15:16:12 EDT 2019
In attempting to integrate a login system to Shibboleth I am running
into some confusion about how to achieve what I am trying to do.
According to the documentation:
"Within the IdP the act of authenticating the subject is performed by
the execution of an authentication flow. This is a flow definition that
contains all the steps for authenticating subjects (e.g., presenting a
form to collect credentials, validating those credentials, re-asking for
credentials if validation failed or proceeding if it passed)."
I was under the impression that if I could get a hold of the
AuthenticationResult and look at one of attemptedFlow, availableFlows,
potentialFlows or intermediateFlows I could reset with the current state
of the authentication to the step which presents the "form to collect
credentials."
The form to collect credentials is a login.jsp in
edit-webapp/WEB-INF/jsp and is resolved by the SP at
idp/profile/SAML2/Redirect/SSO?execution=e2s1
The available flows are all authn/* with the attempted flow being
authn/Password (having implemented a ValidateUsernamePasswordAgainstFoo
and setting an alias)
Am I going about this the proper way and missing something or am I going
about this the wrong way?
r
More information about the users
mailing list