diff --git a/lib/Auth/Process/PrivacyideaAuthProc.php b/lib/Auth/Process/PrivacyideaAuthProc.php index 861e6906144ff6d851ca6a61de70b4023b964ec1..4aa449f8682b38b2a554735eb658933c06b25e20 100644 --- a/lib/Auth/Process/PrivacyideaAuthProc.php +++ b/lib/Auth/Process/PrivacyideaAuthProc.php @@ -11,6 +11,7 @@ use SimpleSAML\Error\ConfigurationError; use SimpleSAML\Logger; use SimpleSAML\Module; use SimpleSAML\Module\privacyidea\Auth\Utils; +use SimpleSAML\Module\saml\Error\NoPassive; use SimpleSAML\Utils\HTTP; /** @@ -96,6 +97,10 @@ class PrivacyideaAuthProc extends ProcessingFilter $username = $state['Attributes'][$this->authProcConfig['uidKey']][0]; $stateId = State::saveState($state, 'privacyidea:privacyidea'); + if (isset($state['isPassive']) && true === $state['isPassive']) { + throw new NoPassive('Passive multi-factor authentication not supported.'); + } + // Check if it should be controlled that user has no tokens and a new token should be enrolled. if (!empty($this->authProcConfig['doEnrollToken']) && true === $this->authProcConfig['doEnrollToken']) { $stateId = $this->enrollToken($stateId, $username);