Hi Rosen,

In the PostAuthenticationHandler, from the authentication context, you can retrieve the authenticated user and tenant domain. From the PostAuthenticationHandler, the ChallengeQuestionManager[1] OSGi service can be invoked to get the challenge questions that the authenticated user has not answered.

You can refer to the pre and post flows in ConsentMgtPostAuthnHandler[2], which we are currently using for retrieving and managing user consent. From that, you will be able to get some idea of the consent page redirection from the PostAuthenticationHandler and of retrieving back the user claims for which the user has provided consent. I think, in your case also, you may be able to use the same approach.

[1] https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/ChallengeQuestionManager.java
[2] https://github.com/wso2/carbon-identity-framework/blob/master/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/consent/ConsentMgtPostAuthnHandler.java#L188

Thanks and Regards

On Tue, May 29, 2018 at 11:20 PM, Rosen Silva <[email protected]> wrote:

> Hi All,
>
> I'm implementing a feature for IS 5.5.0 to force users to add answers to
> challenge questions.
> This feature is implemented using PostAuthenticationHandler.
>
> The logic executes in the following order,
> * Check whether the user has already added the answers from the post
>   authenticator
> * If not, redirect users to a webpage (JSP file) to get the answers to the
>   challenge questions
> * Check whether users have added the challenge questions
> * Let users log in to the SP if the user has filled in the answers to
>   challenge questions
>
> Clarifications with implementing the JSP page for retrieving and updating
> answers to challenge questions
>
> AFAIK we can't use the admin service to retrieve and update security
> questions since we don't have the cookie while in the post-authentication
> flow.
> One possibility is to send the challenge questions to the webpage with the
> HTTP servlet request and get the answers back to the post authentication
> handler through the servlet response and add the answers to the challenge
> questions.
>
> Your input is appreciated.
>
> Thanks and regards,
> --
>
> *Rosen Silva*
> Software Engineer - WSO2
>
> Email: [email protected]
> Mobile: +94770677418
> Web: https://wso2.com/
>

--
Indunil Upeksha Rathnayake
Senior Software Engineer | WSO2 Inc
Email [email protected]
Mobile 0772182255

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
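
The two-pass flow discussed in this thread (check for unanswered questions, redirect, then validate what the page posts back), as an added example that is not part of either message and is not WSO2 code. `QuestionStore`, `Context`, `FlowStatus`, the page path and all sample values are hypothetical stand-ins for the framework's service, authentication context and handler status.

```java
import java.util.*;

public class ChallengeQuestionFlowSketch { // every type below is a hypothetical stand-in
    enum FlowStatus { SUCCESS_COMPLETED, INCOMPLETE }
    interface QuestionStore {              // stands in for the challenge question service
        Set<String> unanswered(String user, String tenantDomain);
        void save(String user, String tenantDomain, Map<String, String> answers);
    }
    static class Context {                 // stands in for the per-login authentication context
        final String user, tenantDomain;
        Set<String> prompted;   // question ids issued on the first pass
        String redirectUrl;     // page the browser is sent to
        Context(String user, String tenantDomain) { this.user = user; this.tenantDomain = tenantDomain; }
    }

    static FlowStatus handle(Context ctx, Map<String, String> params, QuestionStore store) {
        if (ctx.prompted == null) {                       // first pass: check, then redirect
            Set<String> pending = store.unanswered(ctx.user, ctx.tenantDomain);
            if (pending.isEmpty()) return FlowStatus.SUCCESS_COMPLETED;
            ctx.prompted = new TreeSet<>(pending);
            ctx.redirectUrl = "/challenge-questions.jsp"; // hypothetical page path
            return FlowStatus.INCOMPLETE;
        }
        Map<String, String> answers = new TreeMap<>();    // second pass: the page posted back
        for (String id : ctx.prompted) {                  // accept only ids this context issued
            String a = params.get(id);
            if (a == null || a.trim().isEmpty()) return FlowStatus.INCOMPLETE; // ask again
            answers.put(id, a.trim());
        }
        store.save(ctx.user, ctx.tenantDomain, answers);  // identity from the context, not the request
        ctx.prompted = null;
        return FlowStatus.SUCCESS_COMPLETED;
    }

    public static void main(String[] args) {
        Map<String, String> saved = new TreeMap<>();      // constructed in-memory store
        QuestionStore store = new QuestionStore() {
            public Set<String> unanswered(String u, String t) {
                return saved.isEmpty() ? new TreeSet<String>(Arrays.asList("q1", "q2")) : new TreeSet<String>();
            }
            public void save(String u, String t, Map<String, String> a) { saved.putAll(a); }
        };
        Context ctx = new Context("alice", "carbon.super");          // constructed sample user
        System.out.println(handle(ctx, new HashMap<>(), store));     // first pass: redirect issued
        Map<String, String> post = new HashMap<>();                  // constructed form data
        post.put("q1", "blue"); post.put("q2", " "); post.put("user", "admin");
        System.out.println(handle(ctx, post, store));                // q2 blank: user is asked again
        post.put("q2", "Colombo");
        System.out.println(handle(ctx, post, store) + " " + saved.keySet());
    }
}
```

The extra `user` parameter in the constructed form data is ignored because the handler reads the user and tenant domain only from the context, which is the property that lets the flow work without an admin-service cookie.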
