tbi tbalschun@gmail.com writes:
Thanks for the reply. The passthrough option really did the trick. But this
gives me another problem, now all users without a token can login.

What I really want is, that users without a token can only login to the web
ui to enroll a token. But they should not be able to login without a token
via SAML.
There’s also a “webui” policy, which has “login_mode” to handle logins
to the webui.
You could possibly add a special policy for your SAML server with the
“client” option in the policy. Would that work?
Jochen