On Thu, Mar 2, 2017 at 10:34 AM, Thanuja Jayasinghe <than...@wso2.com> wrote:
> Hi Pulasthi, > > The best approach is to ask Alice to log-out when she leaves the browser. > > Or from the application side, we can give an option like "fresh-login" > which sends a "forceAuth=true" request to the IS. So he will go through the > authentication process again. > > Yes. I have seen this in gmail where the last logged in accounts are remembered and are listed when we try to login. There is another option saying "Add new account" which allows a new user to login. Can't we follow a similar approach? Thanks, > Thanuja > > > On Thu, Mar 2, 2017 at 3:14 AM, Pulasthi Mahawithana <pulast...@wso2.com> > wrote: > >> In IS 5.3.0, I have configured the authentication flow for an application >> to have 3 steps. During the authentication flow, the users may remember the >> result of the first two steps (using cookies) in their initial login. So, >> in subsequent logins they'll see the third step straight away in which they >> always need to get authenticated. >> >> Let's say 'Alice' logs in and remember the result for the first two steps >> and finish her work. After some time 'Bob' also use the same browser and >> try to login. He won't see the first two steps because there is an already >> remembered result from Alice's login. But in the third step he can't >> authenticate because he doesn't know Alice's credentials (and he intend to >> login as 'Bob'). So he needs to start over the flow as 'Bob'. When he does >> so, at IS, we should clear the remembered results for 'Alice' and allow the >> the user to try with a different username (This time he should get >> authenticated from all 3 steps). How can we achieve this requirement? Is >> there a known approach? >> >> >> -- >> *Pulasthi Mahawithana* >> Senior Software Engineer >> WSO2 Inc., http://wso2.com/ >> Mobile: +94-71-5179022 <+94%2071%20517%209022> >> Blog: https://medium.com/@pulasthi7/ >> >> <https://wso2.com/signature> >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > *Thanuja Lakmal* > Senior Software Engineer > WSO2 Inc. http://wso2.com/ > *lean.enterprise.middleware* > Mobile: +94715979891 +94758009992 > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
