IAM Team,

The requirement is to do step-up authentication using an adaptive authentication script on the IS side for an untrusted 3rd party service provider.

What I mean by untrusted is that we can't rely on the service provider to send LOA values or force authentication requests. It should be governed only by IS. The exact authentication policy itself can be written using function extensions or whatever, but that is not relevant to the question.

The reason why we can't do this is that, I think, if there is an existing session we don't even go into the authentication phase for the adaptive authentication script to be executed. GitHub issue raised in [1].

[1] https://github.com/wso2/product-is/issues/5098

Thanks & Regards,
Johann.

--
*Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [email protected]
