Shibboleth IdP 3.4.6 authentication flow configuration

Cantor, Scott cantor.2 at
Mon Jul 20 12:07:45 UTC 2020

On 7/20/20, 4:37 AM, "users on behalf of Antti Kaasinen" <users-bounces at on behalf of antti.kaasinen at> wrote:

>    For testing purposes there was a definition of a flow for unverified relying parties. I thought that by removing the flow
> from authenticationFlows it would prevent from using it but it seems that empty value allowed all flows to be accessed.
> The goal was to prevent any unverified relying party to access this IdP.

That's the default. Remove the profile bean(s) from it, that's all you have to do.

>    So I assume the correct way of doing this is to remove the definition
>        <bean parent="SAML2.SSO"  p:authenticationFlows=""/>
>    completely?


-- Scott

More information about the users mailing list