Storing data (ip address) to database after successful login.
gahaverkamp at lbl.gov
Wed Sep 29 21:13:05 UTC 2021
If it's sufficient to save the browser, rather than the IP address, our
approach in our OTP module is to store a cookie, using the IdP's own cookie
management tools. It's nice not having to worry about backend storage.
(The downside is, it's Shibboleth-only, and some users get confused
about the connection between this and their desktop MFA logins.)
On Wed, Sep 29, 2021 at 7:56 AM Arnaud Houdelette <
arnaud.houdelette at normandie-univ.fr> wrote:
> Hi there.
> I'm currently in the process of enabling MFA for our institution (on IDP
> To limit the hassle on my 'angry' users, i'd like to ask for second factor
> only when the connecting IP address is not on a dynamic (expiring)
> I already found how to use a static whitelist with
> conf/authn/mfa-authn-config.xml checkSecondFactor script.
> I intend to load the address list from a database (sqlite) with the
> attribute resolver...
> but where in the auth process should I write the sucessful login IP in the
> database ?
> Arnaud Houdelette
> Administrateur des infrastructures systèmes et réseaux
> Normandie Université
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users