Re: [Dev] How to set query parameters in Adaptive Authentication

2019-03-14 Thread Prakhash Sivakumar 
Hi Ruwan,

On Fri, Mar 15, 2019 at 9:40 AM Ruwan Abeykoon  wrote:

> Hi Prakhash,
>
> Adding query parameters to the current request has no effect as the
> authenticator prompt is always a redirection. Adding a value into
> redirection URL most probably exposes internal private data via URL.
> However you can consider adding a cookie to the response as an
> alternative.
>

Here my use case was, when an external party redirecting to the IAM to do a
authentication with the onpromt=login value, if the user is already having
a session in the browser, user can by pass the flow by modifying the value.
So I was thinking weather we can enforce this using adaptive auth.

>
> Here can you explain what "force the re authentication" means?
>
What I mean was, even the browser already contain a session, we should be
able to enforce the authentication again

Thanks

>
> Cheers,
> Ruwan
>
> On Fri, Mar 15, 2019 at 9:11 AM Prakhash Sivakumar 
> wrote:
>
>> Hi Devs,
>>
>> I'm trying to assign a query parameter to the request during the
>> authentication flow, but I couldn't find a reference on how to do this.
>>
>> function onLoginRequest(context) {
>>  if (context.request.params.prompt != null &&
>>context.request.params.prompt[0].equals("login")) {
>>executeStep(1, {
>>  authenticationOptions: [{authenticator: 'basicauth'}]
>>}, {});
>>  } else {
>> *//assign the prompt value as login and send to the authenticator in the
>> authentication flow*
>>  }
>> }
>>
>> In the above, I need to complete the commented else part in order to
>> force the re authentication if the prompt value is missing. Is this
>> possible OOB with adaptive scripts ?
>>
>> Thanks
>> --
>> Prakhash Sivakumar
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Mobile : +94771510080
>> Blog : https://medium.com/@PrakhashS
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
>
> --
>
> *Ruwan Abeykoon*
> *Associate Director/Architect**,*
> *WSO2, Inc. http://wso2.com  *
> *lean.enterprise.middleware.*
>
>

-- 
Prakhash Sivakumar
Senior Software Engineer | WSO2 Inc
Platform Security Team
Mobile : +94771510080
Blog : https://medium.com/@PrakhashS
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] How to set query parameters in Adaptive Authentication

2019-03-14 Thread Ruwan Abeykoon 
Hi Prakhash,

Adding query parameters to the current request has no effect as the
authenticator prompt is always a redirection. Adding a value into
redirection URL most probably exposes internal private data via URL.
However you can consider adding a cookie to the response as an alternative.

Here can you explain what "force the re authentication" means?

Cheers,
Ruwan

On Fri, Mar 15, 2019 at 9:11 AM Prakhash Sivakumar 
wrote:

> Hi Devs,
>
> I'm trying to assign a query parameter to the request during the
> authentication flow, but I couldn't find a reference on how to do this.
>
> function onLoginRequest(context) {
>  if (context.request.params.prompt != null &&
>context.request.params.prompt[0].equals("login")) {
>executeStep(1, {
>  authenticationOptions: [{authenticator: 'basicauth'}]
>}, {});
>  } else {
> *//assign the prompt value as login and send to the authenticator in the
> authentication flow*
>  }
> }
>
> In the above, I need to complete the commented else part in order to force
> the re authentication if the prompt value is missing. Is this possible OOB
> with adaptive scripts ?
>
> Thanks
> --
> Prakhash Sivakumar
> Senior Software Engineer | WSO2 Inc
> Platform Security Team
> Mobile : +94771510080
> Blog : https://medium.com/@PrakhashS
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 

*Ruwan Abeykoon*
*Associate Director/Architect**,*
*WSO2, Inc. http://wso2.com  *
*lean.enterprise.middleware.*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] How to set query parameters in Adaptive Authentication

2019-03-14 Thread Prakhash Sivakumar 
Hi Devs,

I'm trying to assign a query parameter to the request during the
authentication flow, but I couldn't find a reference on how to do this.

function onLoginRequest(context) {
 if (context.request.params.prompt != null &&
   context.request.params.prompt[0].equals("login")) {
   executeStep(1, {
 authenticationOptions: [{authenticator: 'basicauth'}]
   }, {});
 } else {
*//assign the prompt value as login and send to the authenticator in the
authentication flow*
 }
}

In the above, I need to complete the commented else part in order to force
the re authentication if the prompt value is missing. Is this possible OOB
with adaptive scripts ?

Thanks
-- 
Prakhash Sivakumar
Senior Software Engineer | WSO2 Inc
Platform Security Team
Mobile : +94771510080
Blog : https://medium.com/@PrakhashS
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev