SecureAuth version affected: All
Description:
Multiple workflows are required to perform the intended task that the client would like to achieve, but using the old multiple-workflow function is deprecated. This redirect combines two different workflows, but ultimately achieves the same post authentication.
Cause:
N/A
Resolution:
Use the redirect token to manipulate the workflow as the client would like, combining with the functionality of the adaptive authentication to combine multiple workflows from different realms. This allows the pre-auth token created from one realm, passed on to another for different workflow options, and then passed back to the initial realm for post authentication.
- Go to the workflow of the main realm you want to configure, and scroll down to the adaptive authentication portion of it. What this aspx does is it will carry the token created during the pre-auth process over to the next realm. This prevents the user having to type in their username/password multiple times since it is already referenced once in this realm.
In our scenario, we are using user groups to flag the adaptive authentication. Any user part of TwoFactor will be allowed through this workflow to post authentication, any user not part of this group will be pointed to whichever realm you want to associate the second workflow.
IE: RedirectWithToken.aspx?ReturnURL=/SecureAuth1
- Then go to the second realm, where the failure action from the first realm is referencing. In our scenario, the redirect is sending it over to SecureAuth1. Go to the post authentication tab and change the Authenticated User Redirect = Use Custom Redirect. Then in the Redirecto To, we're going to set a relative path to send the token back to the post authentication page of our initial realm (SecureAuth2 in our scenario).
Redirect To: ../SecureAuth2/Authorized/SAML20SPInitPost.aspx
- Once you're done, the intended workflow should be as follows:
Comments
Please sign in to leave a comment.