SPNEGO unavailability and error handling

Wessel, Keith kwessel at illinois.edu
Thu Sep 26 21:54:48 EDT 2019

Thank you, Scott. And a question for anyone with insight into this: is the only browser that's known to insist on displaying a username/password dialogue prior to failing IE? No such behavior in Edge or other browsers? If so, the death of Win 7 might help with that issue. Not solve, but help.


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Thursday, September 26, 2019 6:23 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: SPNEGO unavailability and error handling

On 9/26/19, 4:51 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

> 2. Is there any easy way to get the IdP to simply display the IdP login page (fall through to the password authentication
> flow) if SPNEGO is unavailable?

It's primarily built to run *from* the Password flow using a button to opt into it, that's my recollection. I think it would return there afterwards if it failed.

When it's run directly, there's an auto login option that has to be on, and if it fails then, it just fails. It returns control to the IdP and whatever is next in line will run. SPNEGO|Password with that autologin on would do what you're talking about, I think.

None of this was built with the MFA flow around and things will probably go nuts when it's all mixed together, but I would expect running SPNEGO first with autologin, and then really anything else after if that fails might work.

-- Scott
