Any recommendations/validation of a scheme to select a SAML Proxy or Password/MFA authentication flow based on relying party / SP entityID?
Mak, David
d.mak at northeastern.edu
Fri Jan 14 15:56:17 UTC 2022
I've configured SAML Proxy in both IDP 4.0.1 and 4.1.4 in our dev environments, in preparation for some architectural changes within our authentication architecture.
We have a need to select an authentication flow based on the entityID of the service provider's/relying parties' SAML request. It will default to SAML Proxy unless the SP/RP is in a smaller list, in which case we want to use the default MFA authN flow we have which uses the Password and Duo MFA methods.
As I see it, I will need to create a custom authN flow that checks the entityID for a match to that list, then continue with either the SAML Proxy or the MFA flows as needed.
I need to read up on the Spring web flow stuff more, but on first glance, I'm having trouble determining if this is possible with the design I described. It seems the only end-state is a "proceed" and I can't quite see how a custom authN flow can initiate either a SAML Proxy flow or a MFA authN flow.
Any advice would be appreciated. Thanks in advance!
David Mak (Pronouns: He/Him/His)
Identity Services Specialist
Information Technology Services
Northeastern University
360 Huntington Ave. Boston MA 02115-5000
Mail Stop: 302-216
O:617-373-7836 M:617-840-7543
d.mak at northeastern.edu<mailto:%20d.mak at neu.edu>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220114/df763183/attachment.htm>
More information about the users
mailing list