RE: Omit flow by value defined in attribute-resolver.xml
Firstly, MFA is intended to be scripted only when the default transitions that you specify don’t apply… in other words, you don’t have to make a scripted strategy for authn/Password if that will always be your first factor of authentication; which looks to be the case considering your downstream strategy needs a username.
Secondly, a strategy that decides what the next flow should be should never touch the AuthenticationResult. By replacing the authnResult, you are zapping the c14n that the password flow has already done. That is likely the surface cause of your error. The root cause is likely that your authn/MFA config (in conf/authn/general-authn.xml) doesn’t support the principal(s) that end up in your new authnResult.
From: users [mailto:[hidden email]] On Behalf Of Noriyuki TAKEI
Sent: Tuesday, May 15, 2018 9:26 AM
To: Shib Users <[hidden email]>
Subject: Omit flow by value defined in attribute-resolver.xml
I’m using MFA that consists of two flows (auth/Password and authn/Totp).
authn/Totp is a new flow I have uniquely developed.
I would like to omit the authn/Totp flow based on a value defined in attribute-resolver.xml.
For example, when totpFlg defined in attribute-resolver.xml is 1, omit the authn/Totp flow.
In order to achieve this, I defined it as below in mfa-authn-config.xml.