get cookie in mfa-authn-config.xml

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

get cookie in mfa-authn-config.xml

Noriyuki TAKEI
Hi,all

I'd like to get Cookie values in /opt/shibboleth-idp/conf/authn/mfa-authn-config.xml.

Spacifically,I'd like to omit specific flow on the basis of cookie value.

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: get cookie in mfa-authn-config.xml

Cantor, Scott E.
> I'd like to get Cookie values in /opt/shibboleth-idp/conf/authn/mfa-authn-
> config.xml.

See the CookieManager class in the java-support library's javadocs, there are beans defined for both session and persistent cookies (see conf/system/global-system.xml). They mostly automate this sort of thing for you.

-- Scott

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: get cookie in mfa-authn-config.xml

Tony Plovich
In reply to this post by Noriyuki TAKEI

The example here:

https://wiki.shibboleth.net/confluence/display/IDP30/SPNEGOAuthnConfiguration#SPNEGOAuthnConfiguration-ExampleConditionsinJavaScript:

can be adapted to the scripted MFA flow selector shown here:

https://wiki.shibboleth.net/confluence/display/IDP30/MultiFactorAuthnConfiguration#MultiFactorAuthnConfiguration-ProgrammaticallySelectingFlows

Tony Plovich ([hidden email])
Argonne National Laboratory
On 05/01/2018 01:12 AM, Noriyuki TAKEI wrote:
Hi,all

I'd like to get Cookie values in /opt/shibboleth-idp/conf/authn/mfa-authn-config.xml.

Spacifically,I'd like to omit specific flow on the basis of cookie value.




--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: get cookie in mfa-authn-config.xml

Noriyuki TAKEI
Hi,all

Thanks for you advice!!

I could extract cookie value in the folloeing ways.

<bean id="checkSecondFactor"  parent="shibboleth.ContextFunctions.Scripted" factory-method="inlineScript"
        p:customObject-ref="shibboleth.HttpServletRequest">
    <constructor-arg>
        <value>
        <![CDATA[
            logger = Java.type("org.slf4j.LoggerFactory").getLogger("net.shibboleth.idp.authn.impl.TransitionMultiFactorAuthentication");
            var cookies = custom.getCookies();
            for (var i = 0; i < cookies.length; i++) {
                logger.info("name:" + cookies[i].getName());
                logger.info("value:" + cookies[i].getValue());
            } 
            nextFlow = "authn/Totp";
            nextFlow;
        ]]>
        </value>
    </constructor-arg>
</bean>

2018-05-02 5:25 GMT+09:00 Tony Plovich <[hidden email]>:

The example here:

https://wiki.shibboleth.net/confluence/display/IDP30/SPNEGOAuthnConfiguration#SPNEGOAuthnConfiguration-ExampleConditionsinJavaScript:

can be adapted to the scripted MFA flow selector shown here:

https://wiki.shibboleth.net/confluence/display/IDP30/MultiFactorAuthnConfiguration#MultiFactorAuthnConfiguration-ProgrammaticallySelectingFlows

Tony Plovich ([hidden email])
Argonne National Laboratory
On 05/01/2018 01:12 AM, Noriyuki TAKEI wrote:
Hi,all

I'd like to get Cookie values in /opt/shibboleth-idp/conf/authn/mfa-authn-config.xml.

Spacifically,I'd like to omit specific flow on the basis of cookie value.






--
・‥…━━━━━━━━━━━━━━━━━━━━━━━…‥
 サイオステクノロジー株式会社
  技術部
  クラウドソリューショングループ
  武井 宜行
  〒106-0047  東京都港区南麻布二丁目 12 番 3 号 サイオスビル
  TEL:070-6569-1211 (直通) 03-6401-5117 (部代表)
  URL:http://www.sios.com/

 ■SIOSの最新情報はこちらから!「いいね!」をお待ちしています■
 (SIOS Technology):http://www.facebook.com/SIOSTechnology
 (OSSよろず相談室):http://www.facebook.com/OSSyorozu

 ■Twitter公式アカウント■
 https://twitter.com/#!/SIOS_Technology
・‥…━━━━━━━━━━━━━━━━━━━━━━━…‥

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]