GitLab

In version 1.9, I had a rule in Multi that used a session attribute to enable/disable a module in the stack. The use case was to dismiss Kerberos for generic accounts, so users need to enter their personal login/password on the login form.

The Multi rule was something like this:

Kerberos $employeeType !~ /generic/; LDAP

So the Kerberos authentication was done, the user was found but before the final authentication step the rule was evaluated (with the Safe cage) and returned false (because at the end the $employeeType was filled), so the Kerberos authentication was refused and Multi was then using LDAP to authenticate user.

How could we reproduce the same behavior in Combination? In Combination, we only have access to $env.