By: Fabrice Dossin user 28 Jan 2019 at 8:43 a.m. CST

1 Response
Fabrice Dossin gravatar
Hello, I need to apply different policy workflow depending of users. Is there a way with Gluu to select the authentication method based on the user domain ? For example based on user mail domain apply social login method instead of basic auth ? This seems a little bit complicated since it should get the user then fetch for authentication method but I do not know if it already exist into Gluu or possible to customize. Or based on an LDAP attribute, could I apply eventually a second step in authentication workflow, eg. an MFA attribute telling if the user group need multiple factor authentication ? May I implement this using custom scripts ? Regards, Fabrice

By Chris Blanton staff 28 Jan 2019 at 9:55 a.m. CST

Chris Blanton gravatar
Fabrice, > Or based on an LDAP attribute, could I apply eventually a second step in authentication workflow, eg. an MFA attribute telling if the user group need multiple factor authentication ? May I implement this using custom scripts ? Without getting into too many specifics on how to build an interception script, please take a look at the Duo example that comes as a default. It's a great example of how to use all the functions in the scripts. https://github.com/GluuFederation/community-edition-setup/blob/master/static/extension/person_authentication/DuoExternalAuthenticator.py Specifically this line for your use case example: https://github.com/GluuFederation/community-edition-setup/blob/master/static/extension/person_authentication/DuoExternalAuthenticator.py#L111 This is where they check if a user has the `duo_group` attribute https://github.com/GluuFederation/community-edition-setup/blob/master/static/extension/person_authentication/DuoExternalAuthenticator.py#L41