All work
- Warn on duplicated handler locationsSSPCPP-840Resolved issue: SSPCPP-840Scott Cantor
- Listener remoting map needs to be synchronizedSSPCPP-799Resolved issue: SSPCPP-799Scott Cantor
- Resolvers with exceptionId option don't report it as an attribute ID to clear.SSPCPP-797Resolved issue: SSPCPP-797Scott Cantor
- Artifact responses are invalidSSPCPP-792Resolved issue: SSPCPP-792Scott Cantor
- Duplicated processing of nested property sets in configSSPCPP-777Resolved issue: SSPCPP-777Scott Cantor
- Dynamic metadata provider fails to install filtersSSPCPP-763Resolved issue: SSPCPP-763Scott Cantor
- Scoped attributes are case-insensitive by definitionSSPCPP-721Resolved issue: SSPCPP-721Scott Cantor
- Shorthand SSO/Logout syntax not working with policyId settingSSPCPP-519Resolved issue: SSPCPP-519Scott Cantor
- Shibboleth Crash/Hang: KERNELBASE!RaiseException, shibsp1_4!shibsp::Handler::preserveRelayStateSSPCPP-512Resolved issue: SSPCPP-512Scott Cantor
- Shibboleth session key collisions cause xmltooling::IOExceptionSSPCPP-509Resolved issue: SSPCPP-509Scott Cantor
- relayStateLimitWhitelist parameter is being changed inadvertently by limitRelayState methodSSPCPP-487Resolved issue: SSPCPP-487Scott Cantor
- Possible problem with g++ 4.6+ defining __STDC__ and __STDC_VERSION__SSPCPP-478Resolved issue: SSPCPP-478Scott Cantor
- RequestMap not normalizing hostname for comparisonSSPCPP-449Resolved issue: SSPCPP-449Scott Cantor
- setting relayState to use ODBC storage service results in attempted redirects to an invalid URLSSPCPP-448Resolved issue: SSPCPP-448Scott Cantor
- Multiple shib_state cookies get set -> server chokes on header field sizeSSPCPP-444Resolved issue: SSPCPP-444Scott Cantor
- Auto-generated ACS endpoints improperly tracked by indexSSPCPP-439Resolved issue: SSPCPP-439Scott Cantor
- Artifact resolver code doesn't use EndpointIndex in 2.0 artifactsSSPCPP-438Resolved issue: SSPCPP-438Scott Cantor
- Change links of https://spaces.inetrnet2.edu to wiki.shibboleth.netSSPCPP-431Resolved issue: SSPCPP-431Scott Cantor
- Logout currently limited to single application boundarySSPCPP-429Resolved issue: SSPCPP-429Scott Cantor
- Tracking of header names doesn't handle refresh of attribute config filesSSPCPP-426Scott Cantor
- ExtensibleAttribute internal marshalling doesn't handle attribute naming correctlySSPCPP-419Resolved issue: SSPCPP-419Scott Cantor
- redirectErrors configuration attribute does not handle relative URLsSSPCPP-417Resolved issue: SSPCPP-417Scott Cantor
- Schema catalogs should be set after XMLTooling init.SSPCPP-413Resolved issue: SSPCPP-413Scott Cantor
- NameID lookup for logout ignores logical SP boundariesSSPCPP-400Resolved issue: SSPCPP-400Scott Cantor
- Valgrind detects memory leaksSSPCPP-392Resolved issue: SSPCPP-392Scott Cantor
- Generation of keys for relay state is not strongly randomSSPCPP-391Resolved issue: SSPCPP-391Scott Cantor
- Cryptographic nameID is longer than key length that memcache can handleSSPCPP-387Resolved issue: SSPCPP-387Scott Cantor
- Correct date format in Expires headersSSPCPP-382Resolved issue: SSPCPP-382Scott Cantor
- Option to expire redirects on ApacheSSPCPP-381Resolved issue: SSPCPP-381Scott Cantor
- When maxTimeSinceAuthn is used, valid time interval is miscalculated when IdP time is a few seconds ahead of SP timeSSPCPP-380Resolved issue: SSPCPP-380Scott Cantor
- DiscoFeed should return empty feed with no metadata providerSSPCPP-379Resolved issue: SSPCPP-379Scott Cantor
- metagen.sh creates PAOS ACS elements twiceSSPCPP-374Resolved issue: SSPCPP-374Scott Cantor
- Bug in query in ODBC storage service pluginSSPCPP-372Resolved issue: SSPCPP-372Scott Cantor
- <SSO>SAML2</SSO> does not enable ECP supportSSPCPP-371Resolved issue: SSPCPP-371Scott Cantor
- SSL_CHECK_SERVERHELLO_TLSEXTSSPCPP-370Resolved issue: SSPCPP-370Scott Cantor
- Fails to build with g++ 4.6 (missing stddef.h)SSPCPP-368Resolved issue: SSPCPP-368Scott Cantor
- Support for binary attributes in resolverSSPCPP-365Resolved issue: SSPCPP-365Scott Cantor
- Windows Installer loops infinitely if the SP is deinstalled from the Control PanelSSPCPP-363Resolved issue: SSPCPP-363Rod Widdowson
- Enforcing forceAuthn with AuthInstantSSPCPP-360Resolved issue: SSPCPP-360Scott Cantor
- metagen.sh includes xmlns for NAKEDHOSTSSSPCPP-359Resolved issue: SSPCPP-359Scott Cantor
- OpenSUSE 11.4 RPM build can't handle warnings during mod_shib buildSSPCPP-358Resolved issue: SSPCPP-358Scott Cantor
- Library init routines should be idempotentSSPCPP-357Resolved issue: SSPCPP-357Scott Cantor
- Out of tree build not supportedSSPCPP-355Scott Cantor
- Installers for 2.4.2 are installing the wrong config fileSSPCPP-354Resolved issue: SSPCPP-354Scott Cantor
- Package the SP to run as non-root userSSPCPP-353Resolved issue: SSPCPP-353Scott Cantor
- Expose RelayState limiter as a public API and revisit default settingSSPCPP-352Resolved issue: SSPCPP-352Scott Cantor
- Handle query strings on POST and avoid unintended POST data consumptionSSPCPP-335Resolved issue: SSPCPP-335Scott Cantor
47 of 47
Produce Passwordless Videos
Completed
Basics
Logistics
Basics
Logistics
Fix versions
None
Description
Environment
None
Assignee
Philip Smart
Philip SmartDetails
Details
Reporter
Philip Smart
Philip SmartCreated April 25, 2024 at 12:52 PM
Updated March 7, 2025 at 2:50 PM
Resolved March 7, 2025 at 2:50 PM
Activity
Philip Smart March 7, 2025 at 2:50 PM
Philip Smart
March 7, 2025 at 2:50 PM
Made these videos. No new ones needed for the time being.
Philip Smart May 20, 2024 at 8:18 AM
Philip Smart
May 20, 2024 at 8:18 AM
Will close this off for now, but we always use these user flows later if we wanted to produce more videos or tweak the existing ones.
Philip Smart April 25, 2024 at 4:16 PM
Philip Smart
April 25, 2024 at 4:16 PM
Produced: (1) (2) (3) (4) (5) (6) (10) (11)
Philip Smart April 25, 2024 at 1:01 PM
Philip Smart
April 25, 2024 at 1:01 PM
Prioritizing flows (1) (2) (3) (4) (5) (10) (11).
Request unsupported. The user has not opted into the passwordless functionality (and the cookie is not set)
(1) Then first factor with no MFA requirement
(2) Then MFA requested, so Duo second factor needed
Which ends with an opt-in as using a support factor
(3) Then MFA request, so second factor needed
Which does not end with opt-in, because the factor is not allowed
ReselectFlow.
(4) The user opted into using passwordless, but chooses to use password (and possibly a second factor)
IdentitySwitch. The user is not the same as the one who opted in to passwordless on that browser, so switch user
(5) Go to the first factor and possibly the second factor depending on the request
InvalidCredentials:
(6) The user completed the Duo step with a disallowed factor
Advanced flows:
(7) Bypass to inject a username, rather than relying on the cookie
Passwordless condition checks
(8) Group based opt in for the passwordless condition
(9) Using a passwordless condition that requires a uv_capable roaming authenticator.
Admin flow:
(10) User cookie management
(11) Admin cookie management