Internet2 / Shibboleth-Multi-Context-Broker

Shibboleth Multi-context Broker

Step-up Authn broken #17

Open langedb opened 9 years ago

langedb commented 9 years ago

  1. User initially authN at password context.
  2. Return to SP.
  3. User comes back & SP requests Duo.
  4. User doesn't get prompted for Duo; MCB returns to SP.

See Steven Carmody's thread on shib-assure.

paulhethmon commented 9 years ago

I need some clarification here. I've read through the email list but I'm missing something in the setup to bring out the bug. What I have in my test set up is this:

MCB: 2 methods and contexts defined:

  1. password
  2. silver

The "silver" method can satisfy "password".

Then 2 SP's defined and the method each requests:

  1. Pwd SP. Requests "password".
  2. Silver SP. Requests "silver" or "password" in that preference order.

I login to "Pwd", enter credentials. I go to "Silver", get sent to IdP, IdP says I must authenticate at a higher level (silver). I do and get sent to "Silver" with that context.

So what am I missing?

I think it might be that there is only a single SP involved for the bug here. The first time you login the SP does not request a context and you get "password". The second time it requests "duo" but you don't have to reauthenticate and "password" context is returned to the SP. Is that right?

langedb commented 9 years ago

Same premise, different setup:

  1. SP requests unspecified or just doesn't specify anything (gets password)
  2. SP (or another SP) then requests "silver" & user gets prompted for the additional step that "silver" does beyond password.

This is how things like the Duo step-up work; substitute "Duo" for "Silver".
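To make the expected decision logic concrete, here is a small Python model of the two scenarios discussed in this thread (an added example for readers; it is not code from the Shibboleth Multi-Context Broker and does not use its configuration format). The `SATISFIES` map, the `Session`/`Decision` types, `DEFAULT_CONTEXT` and the scenario functions are all constructed for illustration; the only facts taken from the thread are that "silver" can satisfy "password", that an unspecified request yields "password", and that a later request for "duo"/"silver" must trigger a step-up rather than silently returning "password". The `decide_as_reported` function models the reported symptom (any existing session is treated as sufficient) next to `decide`, which enforces the satisfaction check.

```python
"""Model of multi-context step-up decisions (added example, not MCB code).

Assumptions (constructed for this example): the SATISFIES relation, the
Session/Decision dataclasses and the scenario helpers below. They mirror the
thread's scenarios, not the actual MCB implementation or its config syntax.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

# Constructed context graph: context name -> set of contexts it satisfies.
# "silver" and "duo" are stronger than "password", as in the thread.
SATISFIES = {
    "password": {"password"},
    "silver": {"silver", "password"},
    "duo": {"duo", "password"},
}

DEFAULT_CONTEXT = "password"  # what an unspecified request gets, per the thread


@dataclass
class Session:
    # Contexts the user has already authenticated at in this IdP session.
    contexts: set = field(default_factory=set)


@dataclass
class Decision:
    step_up_required: bool
    context_to_return: Optional[str]  # context the SP would receive, if any
    method_to_run: Optional[str]      # method the user must complete, if any


def decide(session: Session, requested: list[str]) -> Decision:
    """Correct behaviour: honour the SP's preference order, but only treat a
    requested context as met when a context already held satisfies it."""
    wanted = requested or [DEFAULT_CONTEXT]
    for ctx in wanted:
        if ctx not in SATISFIES:
            continue  # unknown context cannot be satisfied or run
        for held in session.contexts:
            if ctx in SATISFIES.get(held, set()):
                return Decision(False, ctx, None)
    # Nothing held satisfies the request: step up at the first usable context.
    for ctx in wanted:
        if ctx in SATISFIES:
            return Decision(True, ctx, ctx)
    return Decision(True, None, None)  # nothing requested is known


def decide_as_reported(session: Session, requested: list[str]) -> Decision:
    """Model of the reported symptom: an existing session is returned to the
    SP without checking whether it satisfies what the SP asked for."""
    if session.contexts:
        return Decision(False, sorted(session.contexts)[0], None)
    return decide(session, requested)


def complete(session: Session, method: str) -> None:
    """Record a completed authentication method in the session."""
    session.contexts.add(method)


def scenario_bug_report(decider=decide) -> list[Decision]:
    """Thread scenario: unspecified request first, then the SP asks for 'duo'."""
    s = Session()
    first = decider(s, [])
    complete(s, first.method_to_run)
    second = decider(s, ["duo"])
    return [first, second]


def scenario_silver_then_password() -> list[Decision]:
    """Silver satisfies password: a 'silver' session needs no re-prompt later."""
    s = Session()
    silver = decide(s, ["silver"])
    complete(s, silver.method_to_run)
    later = decide(s, ["password"])
    return [silver, later]


if __name__ == "__main__":
    print("correct :", scenario_bug_report())
    print("reported:", scenario_bug_report(decide_as_reported))
    print("silver  :", scenario_silver_then_password())
```

Running the block prints the three sequences: with `decide`, the second request in the bug-report scenario comes back with `step_up_required=True` and `method_to_run='duo'`, while `decide_as_reported` hands "password" back to the SP without a prompt, which is the behaviour the issue describes.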