Adaptive authentication

By: Mohamed EL HAJJ user 09 Jun 2015 at 7:25 a.m. CDT

2 Responses
Mohamed EL HAJJ gravatar
Hi, We’d like to set up a POC for a customer to prove the adaptive authentication feature. Depending on the IP source, we’d like to show a different authentication handler (for one population LDAP, for another display the already existing CAS login page) I believe Gluu offers this via interception scripts, is that correct? How hard would that be to set this up? Thanks in advance,
None
closed

Answers

By Yuriy Movchan staff 09 Jun 2015 at 11:42 a.m. CDT

Copy
Yuriy Movchan gravatar
Hi, There are few ways which allows to implement this workflow. The good example with simular workflow there is in DUO person authenticator [script](https://github.com/GluuFederation/oxAuth/blob/master/Server/integrations/duo/DuoExternalAuthenticator.py) In lines 102-113 of this script we determine if user member of DUO group and change dynamically count of steps need to log in. You can add implement simular logic to CAS script to not redirect user to CAS server for authentication in order to process LDAP authentication. Also there is alternative solution. You can enable both "basic" and "cas" person authenticator script. And write simple script and put your logic in methods: ` def isValidAuthenticationMethod(self, usageType, configurationAttributes): # Return false to trigger method call getAlternativeAuthenticationMethod return False def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes): # Return "basic" or "cas" # Get request from (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest() in order to analyze it return None `

By Michael Schwartz Account Admin 10 Jun 2015 at 4:18 p.m. CDT

Copy
Michael Schwartz gravatar
Please setup a meeting with me at http://gluu.org/booking if you'd like me to review how to do this! - Mike

Post an answer