I think we are confusing on the terms here. 1. "Retrying" is about allowing the user to retry authentication within the scope of the same authentication request from the service provider. This is mainly for failure on user's part to correctly authenticate. 2. "Forcing" is about making the user authenticate to IS even though (s)he may have a logged-in session already with IS from a previous authentication request. Technically "forcing" is when the user has to again authenticate with the same authenticator (s)he authenticated previously. If user must authenticate with a higher assurance level authenticator then that is classified as "step-up" and not "force".
@Senthalan Kanagalingam <[email protected]> can you clarify what is this thread exactly about? Is it about "retry" or "force"? The subject of the mail has both terms and different people seem to be talking of slightly different things therefore I am a bit confused. Thanks & Regards, Johann. On Mon, Jul 22, 2019 at 7:55 AM Ruwan Abeykoon <[email protected]> wrote: > Hi Senthalan, > I think we need two options here. > 1. To allow retry x number of attempts if when the authenticator is failed. > 2. To allow retry if the same authenticator has been successful in current > authentication session. > > Cheers, > Ruwan A > > > On Mon, Jul 22, 2019 at 11:19 AM Senthalan Kanagalingam < > [email protected]> wrote: > >> >> Hi all, >> >> On Sun, Jul 21, 2019 at 2:13 PM Maduranga Siriwardena <[email protected]> >> wrote: >> >>> I think the requirement here is to force to execute the step though it >>> is already authenticated for the browser session. @Senthalan, please >>> correct me if I am wrong. >>> >> Yes, the requirement is to force to execute the step even though the step >> is successfully authenticated. >> >> >> Thanks, >> Senthalan >> >>> >>> Regards, >>> >>> On Sun, Jul 21, 2019, 8:14 AM Ishara Karunarathna <[email protected]> >>> wrote: >>> >>>> HI Senthalan, >>>> >>>> +1 for the idea, >>>> At the moment we handle this in the authenticator level. So better to >>>> get it into the framework level. >>>> >>>> -Ishara >>>> >>>> On Sun, Jul 21, 2019 at 5:29 AM Johann Nallathamby <[email protected]> >>>> wrote: >>>> >>>>> Hi Senthalan, >>>>> >>>>> In the AbstractAuthenticator interface we have a method as follows: >>>>> >>>>> protected boolean retryAuthenticationEnabled() {} >>>>> >>>>> >>>>> My understanding was that the retry mechanism is enabled per >>>>> authenticator level in the authentication-framework even now. Not sure if >>>>> we can configure the retry count now. Is your idea to make this behavior >>>>> adaptive? >>>>> >>>>> How would this improvement impact for: >>>>> 1. Authenticators that have implemented "return true" for above method >>>>> 2. Authenticators that have implemented "return false" for above method >>>>> 3. Users who have extended and provided their own implementation >>>>> >>>>> Regards, >>>>> Johann. >>>>> >>>>> On Thu, Jul 18, 2019 at 7:56 AM Senthalan Kanagalingam < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi all, >>>>>> >>>>>> Currently, in our authentication framework, we force to retry the >>>>>> complete authentication process. With the adaptive authentication script, >>>>>> it will be great if we support force to retry mechanism per step. Let me >>>>>> explain a use-case. There will be 3 steps for authentication. if the 1st >>>>>> and 2nd steps passed successfully and the 3rd step failed the user has to >>>>>> again authenticate with 2nd step to retry the 3rd steps. >>>>>> >>>>>> We can pass a flag in the authentication options parameter (let's say >>>>>> { forceStepRetry : true }) from the script for each excuteStep() method >>>>>> and >>>>>> forced to retry the step in the step handler. >>>>>> >>>>>> function onLoginRequest(context) { >>>>>> executeStep(1, { >>>>>> onSuccess: function (context) { >>>>>> forceRetry(context); >>>>>> } >>>>>> }); >>>>>> } >>>>>> >>>>>> function forceRetry(context) { >>>>>> >>>>>> executeStep(2, { forceStepRetry : true }, { >>>>>> >>>>>> onSuccess: function (context){ >>>>>> >>>>>> executeStep(3, { >>>>>> >>>>>> onSuccess: function (context){ >>>>>> >>>>>> // Logic to execute if step 3 succeeded >>>>>> >>>>>> }, >>>>>> >>>>>> onFail: function (context){ >>>>>> forceRetry(context); >>>>>> } >>>>>> >>>>>> }); >>>>>> } >>>>>> }); >>>>>> >>>>>> } >>>>>> >>>>>> >>>>>> Please share your thoughts on this. >>>>>> >>>>>> >>>>>> Thanks, >>>>>> Senthalan >>>>>> -- >>>>>> Senthalan Kanagalingam | Software Engineer | WSO2 Inc. >>>>>> (m) +94 (0) 77 18 77 466 | (w) +94117435800 | (e) [email protected] >>>>>> <http://wso2.com/signature> >>>>>> >>>>>> >>>>>> >>>>> >>>>> -- >>>>> *Johann Dilantha Nallathamby* | Associate Director/Solutions >>>>> Architect | WSO2 Inc. >>>>> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [email protected] >>>>> [image: Signature.jpg] >>>>> >>>> >>>> >>>> -- >>>> Ishara Karunarathna >>>> Senior Technical Lead >>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>> >>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >>>> +94717996791 >>>> >>>> >>>> >> >> -- >> Senthalan Kanagalingam | Software Engineer | WSO2 Inc. >> (m) +94 (0) 77 18 77 466 | (w) +94117435800 | (e) [email protected] >> >> <http://wso2.com/signature> >> >> > > -- > Ruwan Abeykoon | Director/Architect | WSO2 Inc. > (w) +947435800 | Email: [email protected] > > -- *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | WSO2 Inc. (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [email protected] [image: Signature.jpg]
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
