Ex: Reuse MFA flow bean
Paul B. Henson
henson at cpp.edu
Thu Sep 16 19:43:20 UTC 2021
On Wed, Sep 15, 2021 at 03:24:11PM +0000, Wessel, Keith wrote:
> Are there any examples out there yet of what I can do with this bean
> to perhaps get me headed down the right path? I see none on the wiki. I
> welcome any suggestions.
Here's what I'm currently using. Basically, if the user has already done
MFA, reuse it; if they haven't, check to see if they need to.
// Reuse check for a previously completed authn/MFA result.
//
// The script evaluates to true only when the active authn/MFA result carries
// an AuthnContextClassRefPrincipal named https://refeds.org/profile/mfa.
// `result` starts out false and is set to true in exactly one place, so a
// missing context, a missing result or a result without that principal all
// decline reuse.
//
// NOTE(review): nothing here looks at how old the authn/MFA result is.
// Presumably freshness is enforced outside this script (for example by the
// flow's lifetime/timeout settings) - confirm before relying on it.
//
// `input` and `Java` are supplied by the hosting script engine; the code
// stays in ES5 style (var, function expressions) to match the original.
var result = false;
var logger = Java.type("org.slf4j.LoggerFactory").getLogger("authn_mfa_reuse");

// Inspect one principal of the authn/MFA subject and set `result` when it is
// the REFEDS MFA class reference. Principals of any other type are skipped.
function checkPrincipal(principal) {
    var isClassRef = principal instanceof Java.type("net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal");
    if (!isClassRef) {
        return;
    }

    var name = principal.getName();
    logger.debug("considering principal " + name);
    if (name.equals("https://refeds.org/profile/mfa")) {
        logger.debug("authn/MFA flow reusable");
        result = true;
    }
}

var authnCtx = input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext");
if (authnCtx == null) {
    // No authentication context: leave result false.
    logger.error("AuthenticationContext is null");
} else {
    var mfaResult = authnCtx.getActiveResults().get("authn/MFA");
    if (mfaResult == null) {
        // No active authn/MFA result: nothing to reuse.
        logger.error("no authn/MFA result found");
    } else {
        mfaResult.getSubject().getPrincipals().forEach(checkPrincipal);
    }
}

logger.debug("returning " + result);
// The value of the last expression statement is the script's result.
result;
--
Paul B. Henson | (909) 979-6361 | http://www.cpp.edu/~henson/
Operating Systems and Network Analyst | henson at cpp.edu
California State Polytechnic University | Pomona CA 91768