Hi Ruwan, On Fri, Mar 15, 2019 at 9:40 AM Ruwan Abeykoon <[email protected]> wrote:
> Hi Prakhash, > > Adding query parameters to the current request has no effect as the > authenticator prompt is always a redirection. Adding a value into > redirection URL most probably exposes internal private data via URL. > However you can consider adding a cookie to the response as an > alternative. > Here my use case was, when an external party redirecting to the IAM to do a authentication with the onpromt=login value, if the user is already having a session in the browser, user can by pass the flow by modifying the value. So I was thinking weather we can enforce this using adaptive auth. > > Here can you explain what "force the re authentication" means? > What I mean was, even the browser already contain a session, we should be able to enforce the authentication again Thanks > > Cheers, > Ruwan > > On Fri, Mar 15, 2019 at 9:11 AM Prakhash Sivakumar <[email protected]> > wrote: > >> Hi Devs, >> >> I'm trying to assign a query parameter to the request during the >> authentication flow, but I couldn't find a reference on how to do this. >> >> function onLoginRequest(context) { >> if (context.request.params.prompt != null && >> context.request.params.prompt[0].equals("login")) { >> executeStep(1, { >> authenticationOptions: [{authenticator: 'basicauth'}] >> }, {}); >> } else { >> *//assign the prompt value as login and send to the authenticator in the >> authentication flow* >> } >> } >> >> In the above, I need to complete the commented else part in order to >> force the re authentication if the prompt value is missing. Is this >> possible OOB with adaptive scripts ? >> >> Thanks >> -- >> Prakhash Sivakumar >> Senior Software Engineer | WSO2 Inc >> Platform Security Team >> Mobile : +94771510080 >> Blog : https://medium.com/@PrakhashS >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> > > > -- > > *Ruwan Abeykoon* > *Associate Director/Architect**,* > *WSO2, Inc. http://wso2.com <https://wso2.com/signature> * > *lean.enterprise.middleware.* > > -- Prakhash Sivakumar Senior Software Engineer | WSO2 Inc Platform Security Team Mobile : +94771510080 Blog : https://medium.com/@PrakhashS
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
