+Pulasthi Mahawithana <pulast...@wso2.com> for his input. On Thu, Apr 18, 2019 at 5:56 AM Johann Nallathamby <joh...@wso2.com> wrote:
> In fact the requirement is not only for step-up authentication but also > just to force username/password authentication authentication based on > policy in IS. > > Thanks & Regards, > Johann. > > On Thu, Apr 18, 2019 at 5:32 AM Johann Nallathamby <joh...@wso2.com> > wrote: > >> IAM Team, >> >> The requirement is to do step-up authentication using adaptive >> authentication script on IS side for an untrusted 3rd party service >> provider. >> >> What I mean by untrusted is that, we can't rely on the service provider >> to send LOA values or force authentication requests. It should be governed >> only by IS. The exact authentication policy itself can be written using >> function extensions or whatever, but that is not relevant to the question. >> >> The reason why we can't do this is because, I think if there is an >> existing session we don't even go into the authentication phase for the >> adaptive authentication script to be executed. >> >> Github issue raised in [1]. >> >> [1] https://github.com/wso2/product-is/issues/5098 >> >> Thanks & Regards, >> Johann. >> >> -- >> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | >> WSO2 Inc. >> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com >> [image: Signature.jpg] >> > > > -- > *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | > WSO2 Inc. > (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com > [image: Signature.jpg] > -- *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | WSO2 Inc. (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com [image: Signature.jpg]
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture