Shibboleth IdP 3.4.6 authentication flow configuration

Antti Kaasinen antti.kaasinen at
Mon Jul 20 08:37:07 UTC 2020

Hi Scott,

thanks alot for your reply!

>>>It would be simpler if you'd just explain what it is you're trying to get it to do (or not do).

For testing purposes there was a definition of a flow for unverified relying parties. I thought that by removing the flow from authenticationFlows it would prevent from using it but it seems that empty value allowed all flows to be accessed. The goal was to prevent any unverified relying party to access this IdP.

So I assume the correct way of doing this is to remove the definition

    <bean parent="SAML2.SSO"  p:authenticationFlows=""/>



More information about the users mailing list