Thursday, 14 September 2017

SAML2 alongside legacy authentication with Spring Security

We want to have 2 factor authentication (2FA) with SAML2 alongside existing legacy security that uses LDAP.

So the desired outcome should be that they go to one URL in a webapp and get intercepted by a SAML filter, which asks an ADFS server to authenticate the user. The ADFS goes and does 2FA, returns a single result to the SAML objects.

The problem is that we want to have the legacy authentication in place as well...

So the behavior would be, they go to a secure URL, the servlet sees they have no security token and redirects them to a login page. Now if they are a member of the public, they use that login page and all is gravy. However if they are an admin, they need to click on another link which will take them through to 2FA.

My question is - would the easiest setup be to have SAML2 wrap the entire security system, including the legacy one and route different entry points... or could we simply have 2 different Authentication providers within our authentication manager in spring security.

I'm not really sure how this would be architected correctly.
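The second option the post raises (one AuthenticationManager holding both a SAML provider and the legacy LDAP provider, with the entry point chosen by URL) can be expressed as a single Spring Security configuration. The following is an added example, not code from the post's author; it assumes Spring Security 4.x with the spring-security-saml2-core extension, and that the extension's own beans (metadata, key manager, `SAMLEntryPoint`, `SAMLProcessingFilter`, `SAMLAuthenticationProvider`) are wired elsewhere. The `/admin/**` and `/login` paths, the LDAP URL and DN pattern, and the `ADMIN` role name are placeholders.

```java
// Added example (not the post author's code): legacy LDAP form login and a
// SAML2 login for the admin area behind one AuthenticationManager.
// Assumes the SAML extension beans are configured elsewhere; URLs, LDAP
// layout and role name are placeholders.
import java.util.LinkedHashMap;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.saml.SAMLProcessingFilter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
@EnableWebSecurity
public class DualAuthSecurityConfig extends WebSecurityConfigurerAdapter {

    // Provided by the SAML extension wiring (assumed to exist elsewhere).
    @Autowired private SAMLAuthenticationProvider samlAuthenticationProvider;
    @Autowired private SAMLEntryPoint samlEntryPoint;
    @Autowired private SAMLProcessingFilter samlProcessingFilter;

    // One AuthenticationManager, two providers. ProviderManager offers the
    // Authentication object to each provider in turn; the LDAP provider only
    // handles username/password tokens, the SAML provider only SAML tokens,
    // so the two flows never compete for the same request.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
            .userDnPatterns("uid={0},ou=people")                         // placeholder
            .contextSource().url("ldap://ldap.example.internal:389/dc=example,dc=internal"); // placeholder
        auth.authenticationProvider(samlAuthenticationProvider);
    }

    // Pick the login flow by URL: an unauthenticated hit on /admin/** starts the
    // SAML redirect to ADFS (which performs the 2FA); everything else gets the
    // legacy form login page.
    @Bean
    public AuthenticationEntryPoint routingEntryPoint() {
        LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> routes = new LinkedHashMap<>();
        routes.put(new AntPathRequestMatcher("/admin/**"), samlEntryPoint);
        DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint(routes);
        entryPoint.setDefaultEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));
        return entryPoint;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // The SAML response filter must use the same manager as the form login.
        samlProcessingFilter.setAuthenticationManager(authenticationManager());
        http
            .exceptionHandling().authenticationEntryPoint(routingEntryPoint())
            .and()
            .addFilterBefore(samlProcessingFilter, UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
                .antMatchers("/saml/**", "/login").permitAll()
                // Authorization is decided by granted authority, not by which
                // login flow ran: ROLE_ADMIN must only ever be granted by the
                // SAML user-details mapping, never by the LDAP group mapping.
                .antMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated()
            .and()
            .formLogin().loginPage("/login").permitAll();
    }
}
```

The check worth doing on such a setup is that the two flows are separated by authority and not merely by entry point: the `DelegatingAuthenticationEntryPoint` only decides where an unauthenticated user is sent, so if the LDAP path could ever yield `ROLE_ADMIN`, a public user who logged in through the legacy form and then typed an `/admin/**` URL would be authorized without ever passing the ADFS 2FA step. Keeping the admin role reachable only through the SAML provider's `SAMLUserDetailsService` mapping closes that gap.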
