MFA & multiple RemoteUser paths

Marco Naimoli marco.naimoli at unipd.it
Tue Sep 28 14:01:09 UTC 2021


Hello, I'm using MFA on IDP4, which can use RemoteUser authentication. Using the
remoteuser-authn-config.xml configuration file, I choose among various paths
(for example Authn/path1, Authn/path2), picking the right path using the
AuthnContextClassRef sent from the SP.
Now I need to choose using something that a user can select from the
authentication screen (for example: based on the user selection,
remoteuser-authn-config.xml could select Authn/path3).
A possible solution could be to use, in remoteuser-authn-config.xml, the
eventId of the user selection, but I don't know if it's possible or how.
Otherwise I could set an AuthnContextClassRef from the MFA script. I tried
using the script:
-------------
authCtx = input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext");
var AuthnContextClassRefPrincipal = Java.type("net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal");
tkp = new AuthnContextClassRefPrincipal("myContextClassRef");
authCtx.addRequestedPrincipalContext("operator", tkp, false);
-------------
but I don't know what to put in the "operator" field. More generally,
I don't know if either of the two methods is the right approach to this
problem.
Another way could be to "clone" the RemoteUser flow to a new one (creating
a new module?), but it seems a complex solution for an (apparently) simple
problem.
Could anyone help me?
Thank you
Marco Naimoli