As stated in the changelog, the configuration file for simplesamlphp-module-privacyidea 1.9 doesn’t work for 2.0
I had a working authproc version for 1.9, which I shared on Simplesamlphp and passOnNoUser asks for second factor - #7 by koenr . It basically made sure that people with an attribute 2fa=0 were not asked a 2nd factor.
I’m trying to understand the docs on simplesamlphp-module-privacyidea/privacyidea.md at master · privacyidea/simplesamlphp-module-privacyidea · GitHub, but I’m stuck.
It seems like the logic with enabledPath and enabledKey should work, but it doesn’t. Everyone is asked the 2nd factor.
<?php
$metadata['__DYNAMIC:1__'] = [
'host' => '__DEFAULT__',
'privatekey' => 'ritacollege.be.pem',
'certificate' => 'ritacollege.be.crt',
'auth' => 'ritacollege.be-sql',
'authproc' => [
10 => [
'class' => 'core:PHP',
'code' => '
if ($state["Attributes"]["2fa"][0]==0) {
$state["use_pi"] = ["key" => "0"];
}
',
],
20 => [
'class' => 'privacyidea:PrivacyideaAuthProc',
'privacyideaServerURL' => 'https://privacyidea.example.be',
'realm' => 'example.be',
'uidKey' => 'uid',
'sslVerifyHost' => 'true',
'sslVerifyPeer' => 'true',
'enabledPath' => 'use_pi',
'enabledKey' => 'key',
'SSO' => 'true',
],
],
];
Am I missing the obvious?