I’m testing Drupal 8, simplesamlphp and PrivacyIDEA for SSO and MFA and have run into a snag: each time you visit a different sub-domain (SP) you get automatically logged in via simplesamlphp, but then you have to enter an OTP for PrivacyIDEA each time.
I couldn’t find a way to disable this behavior and created my own way: https://github.com/privacyidea/simplesamlphp-module-privacyidea/pull/80. Now I realize that the user can log in with simplesamlphp and then just not enter the OTP for PrivacyIDEA. If they return to the site that they were originally trying to access, they will be successfully logged in.
Is there an easier way of doing this?
- Log in with simplesamlphp
- Complete OTP with PrivacyIDEA
- SSO logs into the site automatically
- Skips OTP from PrivacyIDEA