IdP custom error events / login flows
IAM David Bantz
dabantz at alaska.edu
Tue Aug 10 22:57:33 UTC 2021
Attempting to intercept and abort logins for a couple of conditions flagged
by attribute values (catching them even if a valid SSO session exists). I
seem to have the logic flowing correctly in conf/authn/mfa-authn-config.xml
to detect either error condition prior to checking for Duo MFA. The further
handling of two events in conf/authn/authn-events-flow.xml stumped me
though. After botched attempts, this seems to work, but I’d appreciate
sanity checking this:
...
<end-state id="stopLockedAccount" />
<end-state id="stopExpiredAccount" />
<global-transitions>
    <transition on="stopLockedAccount" to="stopLockedAccount" />
    <transition on="stopExpiredAccount" to="stopExpiredAccount" />
    <transition on="#{!'proceed'.equals(currentEvent.id)}" to="InvalidEvent" />
</global-transitions>
…
David St. Pierre Bantz
U Alaska
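
A sanity check along the lines requested above, as an added example that is not part of the original post and not Shibboleth project code. It verifies that each custom event has an end-state and a global transition listed before the catch-all; it assumes Spring Web Flow takes the first matching transition in document order, and the function names and the embedded sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Catch-all expression exactly as it appears in the posted fragment.
CATCH_ALL = "#{!'proceed'.equals(currentEvent.id)}"

# Constructed sample mirroring the posted fragment (wrapper element added).
SAMPLE = """<flow>
  <end-state id="stopLockedAccount" />
  <end-state id="stopExpiredAccount" />
  <global-transitions>
    <transition on="stopLockedAccount" to="stopLockedAccount" />
    <transition on="stopExpiredAccount" to="stopExpiredAccount" />
    <transition on="#{!'proceed'.equals(currentEvent.id)}" to="InvalidEvent" />
  </global-transitions>
</flow>"""

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_events_flow(xml_text, custom_events):
    """Return a list of problems found for the given custom event ids."""
    root = ET.fromstring(xml_text)
    end_states = {e.get("id") for e in root.iter() if local(e.tag) == "end-state"}
    transitions = [
        (t.get("on"), t.get("to"))
        for g in root.iter() if local(g.tag) == "global-transitions"
        for t in g if local(t.tag) == "transition"
    ]
    ons = [on for on, _ in transitions]
    # Assumption: first match wins, so anything after the catch-all is shadowed.
    catch_all_at = ons.index(CATCH_ALL) if CATCH_ALL in ons else len(ons)
    problems = []
    for event in custom_events:
        if event not in end_states:
            problems.append(f"{event}: no <end-state>")
        if event not in ons:
            problems.append(f"{event}: no global transition")
        elif ons.index(event) > catch_all_at:
            problems.append(f"{event}: listed after catch-all, would reach InvalidEvent")
        elif dict(transitions)[event] not in end_states:
            problems.append(f"{event}: transition target is not an end-state")
    return problems

if __name__ == "__main__":
    events = ["stopLockedAccount", "stopExpiredAccount"]
    for line in check_events_flow(SAMPLE, events) or ["ok"]:
        print(line)
```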