[prev in list] [next in list] [prev in thread] [next in thread]
List: shibboleth-users
Subject: Re: Use of eventId in unsolicited for MFA flow
From: "Cantor, Scott via users" <users () shibboleth ! net>
Date: 2023-08-15 13:14:06
Message-ID: F08E01CF-A892-4F03-B1E4-45BB7044885C () osu ! edu
[Download RAW message or body]
> Is there a possibility, to encode this signal into an unsolicited URL to skip the
> UI selection step?
Not in any direct sense. Building an inbound interceptor flow and/or a Java filter or \
something along those lines provides access to the original request and we (and SWF) \
provide many different mechanisms for saving off data that could be used later in the \
implementation of your logic to do something based on it, but that's about it.
Another trick I have used is overloading the target parameter to carry additional \
information, since that's already exposed as the RelayState value. That's probably \
the simplest way, though it's a little bit iffy design-wise. I don't generally want \
to see unsolicited SSO rely on target anyway as that's inappropriate (if an SP needs \
a state token, it damn well should support the standard and make its own requests).
-- Scott
--
For Consortium Member technical support, see \
https://shibboleth.atlassian.net/wiki/x/ZYEpPw To unsubscribe from this list send an \
email to users-unsubscribe@shibboleth.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic