
List:       shibboleth-users
Subject:    Re: Use of eventId in unsolicited for MFA flow
From:       "Cantor, Scott via users" <users () shibboleth ! net>
Date:       2023-08-15 13:14:06
Message-ID: F08E01CF-A892-4F03-B1E4-45BB7044885C () osu ! edu

> Is there a possibility, to encode this signal into an unsolicited URL to skip the
> UI selection step? 

Not in any direct sense. Building an inbound interceptor flow and/or a Java filter or
something along those lines provides access to the original request and we (and SWF)
provide many different mechanisms for saving off data that could be used later in the
implementation of your logic to do something based on it, but that's about it.

Another trick I have used is overloading the target parameter to carry additional
information, since that's already exposed as the RelayState value. That's probably
the simplest way, though it's a little bit iffy design-wise. I don't generally want
to see unsolicited SSO rely on target anyway as that's inappropriate (if an SP needs
a state token, it damn well should support the standard and make its own requests).

-- Scott
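
Added example, not part of the original message and not Shibboleth code: one way the logic behind a filter or interceptor could decode a hint overloaded onto the target parameter, treating it as untrusted input. The `mfa:<method>;` prefix, the method names, the function names and the sample URL are assumptions invented for illustration.

```javascript
// Hypothetical convention: target = "mfa:<method>;<value the SP expects back>".
// Method names below are made up; list only methods the IdP already offers.
const ALLOWED_METHODS = new Set(["totp", "webauthn"]);
const HINT_RE = /^mfa:([a-z0-9]{1,16});(.*)$/s;

// Split an overloaded target (RelayState) value into the hint and the
// value that should be relayed to the SP.
function splitTarget(rawTarget) {
  if (typeof rawTarget !== "string") {
    // Parameter absent: nothing to relay, fall back to the UI selection step.
    return { method: null, relayState: null };
  }
  const m = HINT_RE.exec(rawTarget);
  if (!m) {
    // No well-formed hint: pass the value through untouched.
    return { method: null, relayState: rawTarget };
  }
  const [, method, rest] = m;
  // The unsolicited URL is written by whoever built the link, so the hint
  // may only pre-select a method from the allow-list. Anything else is
  // dropped and the normal selection step runs.
  return {
    method: ALLOWED_METHODS.has(method) ? method : null,
    relayState: rest,
  };
}

// Read the target parameter from an unsolicited SSO URL and split it.
function hintFromUnsolicitedUrl(url) {
  const params = new URL(url).searchParams;
  return splitTarget(params.get("target"));
}

// Constructed sample URL (hosts are placeholders).
const SAMPLE_WITH_HINT =
  "https://idp.example.org/idp/profile/SAML2/Unsolicited/SSO" +
  "?providerId=https%3A%2F%2Fsp.example.org%2Fshibboleth" +
  "&target=mfa%3Atotp%3Bhttps%3A%2F%2Fsp.example.org%2Fapp";

console.log(hintFromUnsolicitedUrl(SAMPLE_WITH_HINT));
```

The hint only skips the selection step; whether the chosen method satisfies policy still has to be decided by the MFA flow itself.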

