Hi Johann,

On Fri, Apr 19, 2019 at 6:26 PM Johann Nallathamby <joh...@wso2.com> wrote:

> *[+architecture]*
>
> Hi Pulasthi,
>
> On Fri, Apr 19, 2019 at 1:36 AM Pulasthi Mahawithana <pulast...@wso2.com>
> wrote:
>
>> Hi Johann,
>>
>>> I think if there is an existing session we don't even go into the
>>> authentication phase for the adaptive authentication script to be executed.
>>>
>>
>> This is not really the case. The adaptive authentication script would
>> execute for all the authentication requests. However, the 'executeStep()'
>> function calls won't try to re-authenticate the users if the user's session
>> is already authenticated with the idp configured in the step. Any other
>> logic such as stepping up or any other decision/action will get executed.
>>
>
> So if I understood this correctly,
> 1. The adaptive authentication script will execute regardless of SSO
> sessions
> 2. 'executeStep()' function will also be called regardless of SSO sessions
> 3. The default implementation inside the 'executeStep()' function checks
> if the user is already authenticated with any of the IdPs configured in the
> step, and if (s)he has, it will skip authentication.
>
> So if I understood this correctly, we can do step-up authentication
> without any issue. But we can't force re-authentication with same step
> according to our default implementation.
>
> Questions:
> 1. Can we override the default implementation in 'executeStep()' method?
>
No, it's not overridable for the script.

> 2. Is it possible to configure username/password authenticator as first
> step and second step as well, and then write some conditional logic to skip
> the second step when needed?
>
This won't work as expected here because at the 2nd step, it will skip the
step execution as the user is already authenticated with the same
authenticator before.

So, the best way would be to introduce a function to clear authenticators
as mentioned by Ruwan, or to introduce an option to execute step function
to force authentication for the particular step.

> Regards,
> Johann.
>
>
>> --
>> *Pulasthi Mahawithana* | Associate Technical Lead | WSO2 Inc.
>> (m) +94-71-5179022 | (w) +94-11-2145345 | (e) pulast...@wso2.com
>>
>> Blog: https://medium.com/@pulasthi7/
>>
>> <https://wso2.com/signature>
>>
>
>
> --
> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect |
> WSO2 Inc.
> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
>


-- 
*Pulasthi Mahawithana* | Associate Technical Lead | WSO2 Inc.
(m) +94-71-5179022 | (w) +94-11-2145345 | (e) pulast...@wso2.com

Blog: https://medium.com/@pulasthi7/

<https://wso2.com/signature>
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
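
The step handling discussed in this thread, as a small stand-alone JavaScript model added here (it is not WSO2 Identity Server code and not from either poster). `runScript`, the session shape, the authenticator names and the `forceAuth` option are hypothetical; `forceAuth` stands in for the "option to force authentication for the particular step" proposed above.

```javascript
// Toy model of the step handling described in this thread. Not WSO2 code:
// runScript, the session shape and the `forceAuth` option are hypothetical.
function runScript(script, stepConfig, alreadyAuthenticated) {
  // Authenticators/IdPs the existing SSO session has already satisfied.
  const session = new Set(alreadyAuthenticated);
  const log = [];

  function executeStep(stepId, options = {}) {
    const configured = stepConfig[stepId];
    const reused = configured.find((name) => session.has(name));
    if (reused && !options.forceAuth) {
      // Default behaviour from the thread: no re-authentication.
      log.push(`step ${stepId}: skipped (${reused} already in session)`);
    } else {
      // Nothing in the session matches, or the caller forced the prompt.
      const chosen = configured[0];
      session.add(chosen);
      log.push(`step ${stepId}: prompted (${chosen})`);
    }
    // Later script logic still runs whether or not the step was skipped.
    if (options.onSuccess) options.onSuccess();
  }

  script(executeStep); // the script runs on every request, session or not
  return log;
}

// Two-step script with no special options.
const twoSteps = (executeStep) =>
  executeStep(1, { onSuccess: () => executeStep(2) });

// Same script using the hypothetical force option on step 2.
const twoStepsForced = (executeStep) =>
  executeStep(1, { onSuccess: () => executeStep(2, { forceAuth: true }) });

// Constructed configurations: authenticator names are placeholders.
const stepUpConfig = { 1: ["basic"], 2: ["totp"] };
const sameAuthConfig = { 1: ["basic"], 2: ["basic"] };

console.log(runScript(twoSteps, stepUpConfig, ["basic"]));   // step-up with SSO session
console.log(runScript(twoSteps, sameAuthConfig, []));        // second prompt is skipped
console.log(runScript(twoStepsForced, sameAuthConfig, []));  // second prompt is forced
```

The second run is the case from question 2: with the same authenticator in both steps, the second step is skipped, so a script cannot rely on it as a re-authentication check unless something like the force option exists.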