CAS gateway mode
cantor.2 at osu.edu
Sat Jun 11 00:10:51 UTC 2022
On 6/10/22, 8:06 PM, "users on behalf of YF Lai" <users-bounces at shibboleth.net on behalf of ccyflai at ust.hk> wrote:
> Oops I am not aware this is an option to explicitly enable. We used authn/MFA and
> idp.authn.MFA.passiveAuthenticationSupported is true by default. Am I missing anything to support CAS
> gateway mode?
The MFA flow will default to making sure when it tries to run a login flow that that flow also supports that feature via that flag, so if one of them doesn't it will fail that attempt and log it. It's also possible to get it to not honor those settings and just run the flow regardless, but there's no real reason to most of the time, it's just a matter of getting those flows' passiveAuthenticationSupported flag set properly.
The only flows that can't really do passive support are things like X.509 or SPNEGO where the client is really in control of it.
More information about the users