I think we are confusing on the terms here.
1. "Retrying" is about allowing the user to retry authentication within the
scope of the same authentication request from the service provider. This is
mainly for failure on user's part to correctly authenticate.
2. "Forcing" is about making the user authenticate to IS even though (s)he
may have a logged-in session already with IS from a previous authentication
request. Technically "forcing" is when the user has to again authenticate
with the same authenticator (s)he authenticated previously. If user must
authenticate with a higher assurance level authenticator then that is
classified as "step-up" and not "force".
@Senthalan Kanagalingam <sentha...@wso2.com> can you clarify what is this
thread exactly about? Is it about "retry" or "force"? The subject of the
mail has both terms and different people seem to be talking of slightly
different things therefore I am a bit confused.
Thanks & Regards,
Johann.
On Mon, Jul 22, 2019 at 7:55 AM Ruwan Abeykoon <ruw...@wso2.com> wrote:
> Hi Senthalan,
> I think we need two options here.
> 1. To allow retry x number of attempts if when the authenticator is failed.
> 2. To allow retry if the same authenticator has been successful in current
> authentication session.
>
> Cheers,
> Ruwan A
>
>
> On Mon, Jul 22, 2019 at 11:19 AM Senthalan Kanagalingam <
> sentha...@wso2.com> wrote:
>
>>
>> Hi all,
>>
>> On Sun, Jul 21, 2019 at 2:13 PM Maduranga Siriwardena <madura...@wso2.com>
>> wrote:
>>
>>> I think the requirement here is to force to execute the step though it
>>> is already authenticated for the browser session. @Senthalan, please
>>> correct me if I am wrong.
>>>
>> Yes, the requirement is to force to execute the step even though the step
>> is successfully authenticated.
>>
>>
>> Thanks,
>> Senthalan
>>
>>>
>>> Regards,
>>>
>>> On Sun, Jul 21, 2019, 8:14 AM Ishara Karunarathna <isha...@wso2.com>
>>> wrote:
>>>
>>>> HI Senthalan,
>>>>
>>>> +1 for the idea,
>>>> At the moment we handle this in the authenticator level. So better to
>>>> get it into the framework level.
>>>>
>>>> -Ishara
>>>>
>>>> On Sun, Jul 21, 2019 at 5:29 AM Johann Nallathamby <joh...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Senthalan,
>>>>>
>>>>> In the AbstractAuthenticator interface we have a method as follows:
>>>>>
>>>>> protected boolean retryAuthenticationEnabled() {}
>>>>>
>>>>>
>>>>> My understanding was that the retry mechanism is enabled per
>>>>> authenticator level in the authentication-framework even now. Not sure if
>>>>> we can configure the retry count now. Is your idea to make this behavior
>>>>> adaptive?
>>>>>
>>>>> How would this improvement impact for:
>>>>> 1. Authenticators that have implemented "return true" for above method
>>>>> 2. Authenticators that have implemented "return false" for above method
>>>>> 3. Users who have extended and provided their own implementation
>>>>>
>>>>> Regards,
>>>>> Johann.
>>>>>
>>>>> On Thu, Jul 18, 2019 at 7:56 AM Senthalan Kanagalingam <
>>>>> sentha...@wso2.com> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> Currently, in our authentication framework, we force to retry the
>>>>>> complete authentication process. With the adaptive authentication script,
>>>>>> it will be great if we support force to retry mechanism per step. Let me
>>>>>> explain a use-case. There will be 3 steps for authentication. if the 1st
>>>>>> and 2nd steps passed successfully and the 3rd step failed the user has to
>>>>>> again authenticate with 2nd step to retry the 3rd steps.
>>>>>>
>>>>>> We can pass a flag in the authentication options parameter (let's say
>>>>>> { forceStepRetry : true }) from the script for each excuteStep() method
>>>>>> and
>>>>>> forced to retry the step in the step handler.
>>>>>>
>>>>>> function onLoginRequest(context) {
>>>>>> executeStep(1, {
>>>>>> onSuccess: function (context) {
>>>>>> forceRetry(context);
>>>>>> }
>>>>>> });
>>>>>> }
>>>>>>
>>>>>> function forceRetry(context) {
>>>>>>
>>>>>> executeStep(2, { forceStepRetry : true }, {
>>>>>>
>>>>>> onSuccess: function (context){
>>>>>>
>>>>>> executeStep(3, {
>>>>>>
>>>>>> onSuccess: function (context){
>>>>>>
>>>>>> // Logic to execute if step 3 succeeded
>>>>>>
>>>>>> },
>>>>>>
>>>>>> onFail: function (context){
>>>>>> forceRetry(context);
>>>>>> }
>>>>>>
>>>>>> });
>>>>>> }
>>>>>> });
>>>>>>
>>>>>> }
>>>>>>
>>>>>>
>>>>>> Please share your thoughts on this.
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> Senthalan
>>>>>> --
>>>>>> Senthalan Kanagalingam | Software Engineer | WSO2 Inc.
>>>>>> (m) +94 (0) 77 18 77 466 | (w) +94117435800 | (e) sentha...@wso2.com
>>>>>> <http://wso2.com/signature>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> *Johann Dilantha Nallathamby* | Associate Director/Solutions
>>>>> Architect | WSO2 Inc.
>>>>> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
>>>>> [image: Signature.jpg]
>>>>>
>>>>
>>>>
>>>> --
>>>> Ishara Karunarathna
>>>> Senior Technical Lead
>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>>
>>>> email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile:
>>>> +94717996791
>>>>
>>>>
>>>>
>>
>> --
>> Senthalan Kanagalingam | Software Engineer | WSO2 Inc.
>> (m) +94 (0) 77 18 77 466 | (w) +94117435800 | (e) sentha...@wso2.com
>>
>> <http://wso2.com/signature>
>>
>>
>
> --
> Ruwan Abeykoon | Director/Architect | WSO2 Inc.
> (w) +947435800 | Email: ruw...@wso2.com
>
>
--
*Johann Dilantha Nallathamby* | Associate Director/Solutions Architect |
WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
[image: Signature.jpg]
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
