Installing available Duo authentication flow
is blocked by
Activity
Philip Smart August 19, 2020 at 3:13 PMEdited
Confirmed that IDP-1652 fixes this issue.
Philip Smart August 19, 2020 at 9:17 AM
Yes, I only need the AFD, I will try this today.
Scott Cantor August 18, 2020 at 4:28 PM
Assuming all you need is the AFD, this is now done. Just add your default AuthenticationFlowDescriptor to postconfig.xml
However, change id="authn/whatever" to p:id="authn/whatever" when you do. That's required to allow a deployer to override it because bean IDs get munged by Spring when they collide.
Scott Cantor August 3, 2020 at 6:11 PM
There's a similar issue right now in the way the OIDC extension adds to the naming registry list. The model for this just doesn't work using collection merging because it can only handle one "child" merged with the parent.
Any of the collections like this that have to be extensible will need to be rethought.
Rod Widdowson July 31, 2020 at 3:16 PM
Agreed. I'll refresh my memory of what I had thought might be needed in preparation.
To automatically install the authentication flow, I have added it to a new list of shibboleth.AvailableAuthenticationFlows inside the postconfig.xml file. However, this list overrides the same list in general-authn.xml and so (I think) needs to replicate everything in that list in addition to the new auth flow.
I think merging util:lists in Spring is non-trivial but will take a look. Otherwise, either a) I am missing a better mechanism, or b) the additional flow should be added to the existing list in general-authn.xml by the deployer or the installer.