Conditional authproc filters #1693
Comments
|
You said on whatsapp that you went with Cirrus' implementation of the conditional authproc-filter.. I think it would make sense to import that one into SimpleSAMLphp |
|
@pradtke Would it be okay if we imported your 'PhpConditionalAuthProcInserter', 'BaseConditionalAuthProcInserter' and 'AuthProcRuleInserter'? |
|
@tvdijen Yes, please go ahead. Plan sounds good. I started updating the module for sspv2, so take a look at that branch https://github.com/cirrusidentity/simplesamlphp-module-cirrusgeneral/tree/sspv2 for a better version to import. |
|
Would definitely be useful to have in SimpleSAMLphp core |
|
I kinda forgot about this, but we can still import it and add it to 2.1 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I'm successfully using Second Factor Only (SFO) from https://github.com/OpenConextApps/simplesamlphp-module-stepupsfo. That is implemented by configuring a few authproc filters in sequence.
Configuring the authproc filter means that the second factor functionality is enabled for everyone.
It would be good if authproc filter(s) could be made conditional, for instance on the presence/absence of specific attributes.
This would allow a phased approach, for example only apply SFO to users that are part of a specific group in our directory.
Once this is running without problem, require more groups, and eventually to everyone.
The text was updated successfully, but these errors were encountered: