Shibboleth IdP 3.4.6 authentication flow configuration
Cantor, Scott
cantor.2 at osu.edu
Mon Jul 20 12:07:45 UTC 2020
On 7/20/20, 4:37 AM, "users on behalf of Antti Kaasinen" <users-bounces at shibboleth.net on behalf of antti.kaasinen at gofore.com> wrote:
> For testing purposes there was a definition of a flow for unverified relying parties. I thought that by removing the flow
> from authenticationFlows it would prevent from using it but it seems that empty value allowed all flows to be accessed.
> The goal was to prevent any unverified relying party to access this IdP.
That's the default. Remove the profile bean(s) from it, that's all you have to do.
> So I assume the correct way of doing this is to remove the definition
> <bean parent="SAML2.SSO" p:authenticationFlows=""/>
> completely?
Yes.
-- Scott
More information about the users
mailing list