simplesamlphp-module-oidc icon indicating copy to clipboard operation
simplesamlphp-module-oidc copied to clipboard

Published 20 hours ago verified publisher icon simplesamlphp

Consider using ProcessingChain for authproc processing

Open pradtke opened this issue 3 years ago • 3 comments

Our authproc processing in AuthProcService->processState() is missing some features from the main ProcessingChain. If an authproc needs to redirect the user somewhere (for consent, mfa, etc) then there is no easy way to resume the processing from the next filter. The ProcessingChain class used by SSP allows for resuming by storing the not-yet processed filter in the $state.

I think wrapping ProcessingChain from AuthProcService would allow us to use authproc filters that perform redirects.

pradtke avatar May 03 '22 00:05 pradtke

I also have a use case for an interactive authproc (MFA with the simplesamlphp-module-webauthn). Being able to run interactive authprocs would be a very valuable addition.

restena-sw avatar Apr 24 '24 15:04 restena-sw

When I did similar work for the authoauth2 module it was not as complicated as I was expecting. Most of that PR is documentation and testing, and maybe a dozen lines for the authproc method.

pradtke avatar Apr 24 '24 21:04 pradtke

Should be part of the next major release. Functionality merged in #228

pradtke avatar Jul 11 '24 23:07 pradtke