can i duplicate password authn flow with a new name and add it as a new authn flow

avinash92c
SHIBBOLETH IDP 3
I just need the same functionality provided by the Password flow, but I need different login view pages depending on the SP and a different datasource based on the SP as well.

I was hoping there was some way I could duplicate the existing Password flow with a new name in the XMLs and configure it to work as desired.

As a first shot I tried duplicating the files
password-authn-beans.xml
password-authn-flow.xml

to

mypassword-authn-beans.xml
mypassword-authn-flow.xml


From authn-beans.xml, I understand that the tag configured in idp.properties automatically resolves to the flow with the same name:

    <bean id="PopulateAuthenticationContext"
        class="net.shibboleth.idp.authn.impl.PopulateAuthenticationContext" scope="prototype"
        p:availableFlows="#{@'shibboleth.AvailableAuthenticationFlows'.?[id matches 'authn/(' + '%{idp.authn.flows:}'.trim() + ')']}"
        p:principalEvalPredicateFactoryRegistry-ref="shibboleth.AuthnComparisonRegistry" />


I added the below property in my idp.properties:

idp.authn.flows= Password|Mypassword

and created a new file mypassword-authn-config.xml.

When I configure the new flow Mypassword in my relying-party XML for the desired SP, I get the below error:

2016-08-04 13:36:13,478 - WARN [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:165] - Profile Action PopulateAuthenticationContext: No authentication flows are active for this request
2016-08-04 13:36:13,493 - ERROR [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:296] - Profile Action SelectAuthenticationFlow: No potential flows left to choose from, authentication will fail
2016-08-04 13:36:13,499 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: NoPotentialFlow



What am I missing? I'm not even sure if my approach is correct.
Can anyone guide me?

Re: can i duplicate password authn flow with a new name and add it as a new authn flow

avinash92c
I got the solution, if anyone else needs the same solution.

In system/flows/authn, duplicate the below flows with a name of your choice:
password-authn-beans.xml
password-authn-flow.xml

like
passworda-authn-beans.xml
passworda-authn-flow.xml

To have a separate set of datasource configurations for the new flow, edit passworda-authn-beans.xml:
    <import resource="../../../conf/authn/passworda-authn-config.xml" />

To have a separate login page for the new flow, edit passworda-authn-flow.xml:
    <view-state id="DisplayUsernamePasswordPage" view="mylogin">

Duplicate the login.vm page and personalize it.

Now, every authentication flow is identified by a unique name; for example, the password-based authn flow is "Password". So we have to define a name for our new authn flow; let's call it "Mypassword".

Edit the file system/conf/webflow-config.xml and add the below line:
<webflow:flow-location id="authn/Mypassword" path="../system/flows/authn/mypassword-authn-flow.xml" />

Now, to set up the datasource configuration for the new authn flow, go to conf/authn and duplicate the file password-authn-config.xml to mypassword-authn-config.xml. Set up your datasource there to configure your users' datasource for authentication.

Enable the new flow in conf/idp.properties:
idp.authn.flows= Password|Mypassword

Configure the new authn flow to your specific customera datasource in conf/relying-party.xml:


    <bean parent="RelyingPartyByName" c:relyingPartyIds="urn_ping_saml">
        <property name="profileConfigurations">
            <list>
                <bean parent="Shibboleth.SSO" p:postAuthenticationFlows="attribute-release" />
                <ref bean="SAML1.AttributeQuery" />
                <ref bean="SAML1.ArtifactResolution" />
                <bean parent="SAML2.SSO" p:authenticationFlows="#{{'Mypassword'}}" p:postAuthenticationFlows="attribute-release" p:encryptAssertions="false" />
                <ref bean="SAML2.ECP" />
                <ref bean="SAML2.Logout" />
                <ref bean="SAML2.AttributeQuery" />
                <ref bean="SAML2.ArtifactResolution" />
                <ref bean="Liberty.SSOS" />
            </list>
        </property>
    </bean>
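As an added illustration (not code from the thread or from Shibboleth itself), the following Python models how the SpEL selector quoted in the first post combines the idp.authn.flows property with the flow ids registered in webflow-config.xml, and how the relying-party restriction from p:authenticationFlows then narrows the candidates. The flow lists are constructed sample values, and select_flow is a simplified assumption about the two profile actions named in the log (PopulateAuthenticationContext and SelectAuthenticationFlow), not the IdP's real implementation. It reproduces the NoPotentialFlow outcome of the first post: the new flow was enabled in idp.properties and requested by the relying party, but never registered as a flow location.

```python
import re

# Constructed sample inputs, not taken from the thread: the flow ids that
# webflow-config.xml registers, with and without the new authn/Mypassword flow.
REGISTERED_WITH_NEW_FLOW = ["authn/Password", "authn/Mypassword", "authn/IPAddress"]
REGISTERED_WITHOUT_NEW_FLOW = ["authn/Password", "authn/IPAddress"]


def active_flows(registered_flow_ids, idp_authn_flows):
    """Model the availableFlows selector from authn-beans.xml:

        ?[id matches 'authn/(' + '%{idp.authn.flows:}'.trim() + ')']

    SpEL's ``matches`` is a whole-string regex match, so the property value
    becomes an alternation that must match a registered flow id exactly,
    case included. ``.trim()`` removes stray whitespace around the value.
    """
    pattern = re.compile("authn/(" + idp_authn_flows.strip() + ")")
    return [flow_id for flow_id in registered_flow_ids if pattern.fullmatch(flow_id)]


def select_flow(registered_flow_ids, idp_authn_flows, relying_party_flows=None):
    """Simplified model (an assumption, not the IdP's code) of the two actions
    seen in the log: the active flows are narrowed to those the relying-party
    profile allows, and the request fails with NoPotentialFlow if none remain.

    relying_party_flows holds the bare names from p:authenticationFlows,
    e.g. {'Mypassword'}; None means the profile imposes no restriction.
    Returns (selected_flow_id, event).
    """
    active = active_flows(registered_flow_ids, idp_authn_flows)
    if relying_party_flows is not None:
        active = [f for f in active if f[len("authn/"):] in relying_party_flows]
    if not active:
        return None, "NoPotentialFlow"
    return active[0], "proceed"


if __name__ == "__main__":
    # The situation from the first post: property set, RP restricted, flow unregistered.
    print(select_flow(REGISTERED_WITHOUT_NEW_FLOW, "Password|Mypassword", {"Mypassword"}))
    # After adding the webflow:flow-location line from the reply.
    print(select_flow(REGISTERED_WITH_NEW_FLOW, "Password|Mypassword", {"Mypassword"}))
    # Registered and requested, but left out of idp.authn.flows.
    print(select_flow(REGISTERED_WITH_NEW_FLOW, "Password", {"Mypassword"}))
```

The check this encodes is the one worth running when the log shows NoPotentialFlow: the same name must appear, spelled identically, as the flow-location id (authn/Mypassword), in idp.authn.flows, and in the relying party's authenticationFlows; a mismatch in any one of the three leaves the candidate list empty.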