c14n attribute sourced subject, multiple principals

Joseph Fischetti Joseph.Fischetti at marist.edu
Wed Mar 18 18:15:49 EDT 2020

It is helpful thank you. I'll need to track what's going on, but to do that I need to dive a little deeper than I probably should at this point. My username is being added as a second principal in the list later on in the process...

I won't take more of your time troubleshooting, I think I generally have what I need available to me in that regard.

I will say, the idea of gating the MFA process at the IDP in any way would generally be frowned upon, with respect to your referencing the IDP 'lying'. You don't personally like the implementation in this [1] document (which I had to dig out of my history)?  I understand you don't want to get into the weeds... Feel free to end the thread here if you think it's going in an unsupported direction. I'm just curious from a high level standpoint.


Get Outlook for Android<https://aka.ms/ghei36>

From: users <users-bounces at shibboleth.net> on behalf of Cantor, Scott <cantor.2 at osu.edu>
Sent: Wednesday, March 18, 2020 5:50:20 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: c14n attribute sourced subject, multiple principals


> Re: my other point... I added a log to the PrincipalNameLookupStrategy, and

It might be illuminating/new information that every login flow individually runs the c14n step, so possibly what you're seeing is just the multiple runs of whatever it is that you configured from the different flows/factors running. Or possibly that's not new information and not helpful, but just in case...

-- Scott

For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200318/3fed8114/attachment.html>

More information about the users mailing list