IdP custom error events / login flows

IAM David Bantz dabantz at
Tue Aug 10 22:57:33 UTC 2021

Attempting to intercept and abort logins for a couple of conditions flagged
by attribute values (catching them even if a valid SSO session exists).  I
seem to have the logic flowing correctly in conf/authn/mfa-authn-config.xml
to detect either error condition prior to checking for Duo MFA. The further
handling of two events in conf/authn/authn-events-flow.xml stumped me
though. After botched attempts, this seems to work, but I’d appreciate
sanity checking this:
   <end-state id="stopLockedAccount" />

   <end-state id="stopExpiredAccount" />

       <transition on="stopLockedAccount" to="stopLockedAccount" />
       <transition on="stopExpiredAccount" to="stopExpiredAccount" />
       <transition on="#{!'proceed'.equals(}" to="InvalidEvent" />

David St. Pierre Bantz
U Alaska
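
A lint for the arrangement in the message above, as an added example that is not part of the original post or of the IdP's own code: it checks that every transition targets a defined end-state and that named events are declared before any expression transition, since Spring Web Flow takes the first transition that matches. The <flow>/<global-transitions> wrapper, the function names, and treating InvalidEvent as defined elsewhere are assumptions; the expression is copied as it appears in the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's elements in an assumed <flow> wrapper.
# The "on" expression is copied exactly as it appears in the post.
SAMPLE_FLOW = """<flow xmlns="http://www.springframework.org/schema/webflow">
    <end-state id="stopLockedAccount" />
    <end-state id="stopExpiredAccount" />
    <global-transitions>
        <transition on="stopLockedAccount" to="stopLockedAccount" />
        <transition on="stopExpiredAccount" to="stopExpiredAccount" />
        <transition on="#{!'proceed'.equals(}" to="InvalidEvent" />
    </global-transitions>
</flow>"""


def local(tag):
    """Strip any XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def lint_events_flow(xml_text, inherited_states=("InvalidEvent",)):
    """Return a list of problems in a custom-events flow fragment.

    inherited_states: targets assumed to be defined outside this file.
    """
    root = ET.fromstring(xml_text)
    states = {e.get("id") for e in root.iter() if local(e.tag) == "end-state"}
    problems, events, targets = [], set(), set()
    expression_seen = False
    for t in (e for e in root.iter() if local(e.tag) == "transition"):
        on, to = t.get("on", ""), t.get("to", "")
        targets.add(to)
        if to not in states and to not in inherited_states:
            problems.append(f"transition on={on!r} targets undefined state {to!r}")
        if on.startswith("#{"):
            expression_seen = True  # expression transition, e.g. the catch-all
            continue
        if expression_seen:
            # First matching transition wins, so a later named event can be shadowed.
            problems.append(f"event {on!r} is declared after an expression transition")
        if on in events:
            problems.append(f"duplicate transition for event {on!r}")
        events.add(on)
    for state in sorted(states - targets):
        problems.append(f"end-state {state!r} is not the target of any transition")
    return problems


if __name__ == "__main__":
    print(lint_events_flow(SAMPLE_FLOW) or "no problems found")
```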