An easy fix would be no to returned /supplementalAuthentications/ with /chainedAuthentications/ just to keep the use of these /supplementalAuthentications/ where it needs to be : with supplemental credentials [1] and to check if the policy is satisfied [2].
That sounds reasonable.
Are we in line ? So I can open a JIRA and propose the change.
Please proceed. I will carefully review any commits related to the issue to make sure we fix the bug as well as support the MFA case I outlined.
Thus, I'm wondering if the right split for a future version would be to have /userAuthentications/ on one side (the first authentication of the current /chainedAuthentications/ and all /supplementalAuthentications/) and /proxyAuthentications/ on the other side (the other authentications of the /chainedAuthentications/). What do you think ?
I think my head just exploded. I think that sounds reasonable, but you might need to draw it out so we're communicating clearly. I believe your proposal would support proxying for both the initial authentication as well as supplemental authentications, which seems like an extremely complicated use case. I certainly didn't have that case in mind for CAS 4.0, but it may be one that we want to support.
Pax, M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
