Shibboleth IdP 3.4.6 authentication flow configuration
Antti Kaasinen
antti.kaasinen at gofore.com
Fri Jul 17 08:56:14 UTC 2020
Hi all,
I have a question about how Shibboleth IdP 3.4.6 manages authentication configuration. In my relying-party.xml I have defined
...
<bean id="shibboleth.UnverifiedRelyingParty" parent="RelyingParty">
<property name="profileConfigurations">
<list>
<bean parent="SAML2.SSO" p:authenticationFlows=""/>
</list>
</property>
</bean>
<bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty">
<property name="profileConfigurations">
<list>
<bean parent="SAML2.SSO" p:authenticationFlows=""/>
</list>
</property>
</bean>
<util:list id="shibboleth.RelyingPartyOverrides">
...
So for both authenticationFlows are empty. But still with this configuration I managed to access any flow defined in the system with unverified relying party. When I empty those lists unverified access is blocked.
Is this behaviour intended?
--Antti
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200717/b6c2d672/attachment.htm>
More information about the users
mailing list