Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Delete challenges if authenticating without transaction_id #1356

Closed
cornelinux opened this issue Dec 22, 2018 · 1 comment
Closed

Delete challenges if authenticating without transaction_id #1356

cornelinux opened this issue Dec 22, 2018 · 1 comment
Labels
Type: Enhancement Not a complete new functional component/feature but an enhancement of an already existing feature.

Comments

@cornelinux
Copy link
Member

If a challenge is answered with PIN + OTP but without transaction_id, the challenge will not be deleted from the challenge table. (see sbidy/privacyIDEA-ADFSProvider#15).

We could add an additional parameter delete_challenge=1 in the /validate/check request to indicate that the challenges for this serial number should be deleted in case of a successful authentication.
@cornelinux cornelinux added the Type: Enhancement Not a complete new functional component/feature but an enhancement of an already existing feature. label Dec 22, 2018
@cornelinux
Copy link
Member Author

Reading through the problem in the ADFS Provider it was actually due to different transaction_ids.
In the meantime we have the same transaction_id for all tokens in a chal-resp auth request and reworked the handling of the transactions. I am closing this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Enhancement Not a complete new functional component/feature but an enhancement of an already existing feature.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cornelinux