In fact the requirement is not only for step-up authentication but also just to force username/password authentication authentication based on policy in IS.
Thanks & Regards, Johann. On Thu, Apr 18, 2019 at 5:32 AM Johann Nallathamby <[email protected]> wrote: > IAM Team, > > The requirement is to do step-up authentication using adaptive > authentication script on IS side for an untrusted 3rd party service > provider. > > What I mean by untrusted is that, we can't rely on the service provider to > send LOA values or force authentication requests. It should be governed > only by IS. The exact authentication policy itself can be written using > function extensions or whatever, but that is not relevant to the question. > > The reason why we can't do this is because, I think if there is an > existing session we don't even go into the authentication phase for the > adaptive authentication script to be executed. > > Github issue raised in [1]. > > [1] https://github.com/wso2/product-is/issues/5098 > > Thanks & Regards, > Johann. > > -- > *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | > WSO2 Inc. > (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [email protected] > [image: Signature.jpg] > -- *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | WSO2 Inc. (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [email protected] [image: Signature.jpg]
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
