This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

pre auth risk based policy does not return attribute


I'm struggling with a pre auth risk policy, it works fine but does not return attributes if user is authentication locally

The setup is as follows, I check for a x-forward-for header that contains a specific ip address, if so then the users get a medium risk score and and I have picked secure password form + totp (OTP) as step up methods.

If the user comes from a other ip address, he get's a risk score of 0 and a method that basically is a jsp page with different external IDP that the uses can choose from

If the method that points to external idp is uses, it the saml request returns the user attribute retrieved from user store after user lookup

But if the usename/passwor + totp is executed the user gets authenticated but no attributes are retrived, only a assertion is sent to SP.

I can see in the logs that the users gets authenticated, and totp method would not work if the users wasn't identified

Nam version is 5 sp3 and it's a appliance cluster

Any one that have seen this behavior and have any suggestions?