On Fri, Jul 14, 2017 at 11:31 AM, Harsha Kumara <[email protected]> wrote:
> Hi All,
>
> This is regarding the behavior of Authentication flow between multiple
> service providers.
>
> I have created two service providers with following configurations.
>
> *SP1*
>
> This service provider has two options which allow to users to login either
> Basic Authentication scheme or Facebook
>
> Configuration
>
> 1 Authentication Step with MultiOption with Basic Auth and Facebook.
>
>
> *SP2*
>
> This service provider has two authentication steps which allow to users
> to login either Basic Authentication scheme or Facebook and second
> authentication step with TOTP.
>
> Configuration
>
> 2 Authentication Steps
>
> - 1 Authentication Step with MultiOption with Basic Auth and Facebook.
> - 2 Authentication Step with TOTP
>
>
> *Behavioral Concern*
>
> I have configured two applications with SP1 and SP2 respectively. Then I
> have logged into the first application with Basic Authentication Scheme
> which is configured in SP1.
>
> But when I going to authentication with my second application which
> configured with SP2, I have logged into it automatically.
>
> Shouldn't it ask for TOTP authentication? Because first application only
> authenticated with Basic Auth but my second application required Basic Auth
> + TOTP.
>
Yes. It should... Session contains the authenticated SP details.....
Therefore; it can decide based on the SP... If it is not working, it
seems like a bug..
Thanks,
Asela.
>
> Thanks,
> Harsha
>
> --
> Harsha Kumara
> Software Engineer, WSO2 Inc.
> Mobile: +94775505618 <+94%2077%20550%205618>
> Blog:harshcreationz.blogspot.com
>
--
Thanks & Regards,
Asela
ATL
Mobile : +94 777 625 933
+358 449 228 979
http://soasecurity.org/
http://xacmlinfo.org/
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
