Hi Pulasthi,

The best approach is to ask Alice to log out when she leaves the browser.
Or, from the application side, we can give an option like "fresh-login" which sends a "forceAuth=true" request to the IS. So he will go through the authentication process again.

Thanks,
Thanuja

On Thu, Mar 2, 2017 at 3:14 AM, Pulasthi Mahawithana <[email protected]> wrote:

> In IS 5.3.0, I have configured the authentication flow for an application
> to have 3 steps. During the authentication flow, the users may remember the
> result of the first two steps (using cookies) in their initial login. So,
> in subsequent logins they'll see the third step straight away, in which they
> always need to get authenticated.
>
> Let's say 'Alice' logs in, remembers the result for the first two steps
> and finishes her work. After some time 'Bob' also uses the same browser and
> tries to log in. He won't see the first two steps because there is an already
> remembered result from Alice's login. But in the third step he can't
> authenticate because he doesn't know Alice's credentials (and he intends to
> log in as 'Bob'). So he needs to start over the flow as 'Bob'. When he does
> so, at IS, we should clear the remembered results for 'Alice' and allow the
> user to try with a different username (this time he should get
> authenticated from all 3 steps). How can we achieve this requirement? Is
> there a known approach?
>
> --
> *Pulasthi Mahawithana*
> Senior Software Engineer
> WSO2 Inc., http://wso2.com/
> Mobile: +94-71-5179022
> Blog: https://medium.com/@pulasthi7/
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
