Shibboleth IDP v4.0 to v4.16 Upgrade - Broken AuthN Flow - Help Required

prasanna cg prasannacgin at yahoo.in
Wed Apr 6 21:21:26 UTC 2022


Thanks for the confirmation, Scott. I will reach out to the vendor requesting for a fix. I’m asking for more info to pass on to the vendor. Thanks in advance for the info & support. 

In v4.0.1 (before upgrade), I do see “akamaimfa-authn-beans.xml” and “akamaimfa-authn-flow.xml” under “<IDP Home>/system/flows/authn” along with other web flows like Duo, remoteUser, x509..etc

I am assuming the file you mentioned as missing under “<IDP home>/flows/authn/AkamaiMfa-flow.xml” is other than those two ? If yes,  what should be the definition / content of this file (if I want to try creating one and play around with it) ?  

Thanks,
Prasanna


> On Apr 6, 2022, at 4:45 PM, Cantor, Scott via users <users at shibboleth.net> wrote:
> 
> On 4/6/22, 4:31 PM, "prasanna cg" <prasannacgin at yahoo.in> wrote:
> 
>>   In my current state of v4.0.1 - I simply followed the integration steps documented in the below article (MFA
>> Provider) - https://techdocs.akamai.com/mfa/docs/shibboleth 
> 
> That is indeed completely wrong. They're messing with the system/ tree and that's not allowed. It wasn't allowed in 3.0 or any release after. "It worked" is not a defense.
> 
>>   Below is my directory listing of the current state - v4.0.1. I do not see any webflow XML definitions under
>> "flows/authn/"
> 
> And that's why it's not running.
> 
>>   So, does it mean the configuration steps mentioned in that article was incorrect ?
> 
> It means their integration method was wrong and they built a time bomb that just went off.
> 
>> If yes, I’m wondering what should I be doing to get it working with 4.1.6 ?
> 
> This is a vendor's product that they integrated improperly and would probably have to fix to support 4.1.
> 
> But if you want screw around with it, I told you the answer in the first email, flows are auto-registered based on being under the flows folder with the right naming conventions. I doubt very much that that alone would be enough to get it working, but I don't know.
> 
> -- Scott
> 
> 
> -- 
> For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220406/ac7a47e6/attachment.htm>


More information about the users mailing list