*[+architecture]* Hi Pulasthi,
On Fri, Apr 19, 2019 at 1:36 AM Pulasthi Mahawithana <pulast...@wso2.com> wrote: > Hi Johann, > > I think if there is an existing session we don't even go into the >> authentication phase for the adaptive authentication script to be executed. >> > > This is not really the case. The adaptive authentication script would > execute for all the authentication requests. However, the 'executeStep()' > function calls won't try to re-authenticate the users if the user's session > is already authenticated with the idp configured in the step. Any other > logic such as stepping up or any other decision/action will get executed. > So if I understood this correctly, 1. The adaptive authentication script will execute regardless of SSO sessions 2. 'executeStep()' function will also be called regardless of SSO sessions 3. The default implementation inside the 'executeStep()' function checks if the user is already authenticated with any of the IdPs configured in the step, and if (s)he has it will skip authentication. So if I understood this correctly, we can do step-up authentication without any issue. But we can't force re-authentication with same step according to our default implementation. Questions: 1. Can we override the default implementation in 'executeStep()' method? 2. Is it possible to configure username/password authenticator as first step and second step as well, and then write some conditional logic to skip the second step when needed? Regards, Johann. > -- > *Pulasthi Mahawithana* | Associate Technical Lead | WSO2 Inc. > (m) +94-71-5179022 | (w) +94-11-2145345 | (e) pulast...@wso2.com > > Blog: https://medium.com/@pulasthi7/ > > <https://wso2.com/signature> > -- *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | WSO2 Inc. (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com [image: Signature.jpg]
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture