oharsta
commented
1 year ago @baszoetekouw It would really help if we make a sequence-diagram / overview of the different login types and statuses and possible outcomes. It is now not clear to me, which combination of login_type and status to use in some of the different flows.
baszoetekouw
When logging in to SBS test using the SURFnet Acc IdP (with SSID SFO), the login turn up 4 times in the
user_loginstable:This is probably causes by the SFO login:
proxy_authzrequest with SBS OIDC client id (APP-B799ADC6-EA57-4383-B493-27FB03D9195F), SBS tell EduTEAM to redrect to SFO endpointproxy_authzrequestIt probably makes sense to log all those 4 steps, but we should make clear in the table which one denotes the actual successful login.
So I propose the following:
status(or something like that) which for (failed)proxy_authzrequests records the return status (SECOND_FA_REQUIRED,AUP_NOT_AGREED, etc)login_type(e.g.,sbs_mfa,sbs_mfa_ssid,sbs_aup).In that way, a user logging in would still give 4 entries in the table, but only 1 will have type
sbs_login.