"sso registration bypass" is a confusing name for the Stepup fallback authentication option #627

@pmeulen

In the Stepup code "sso registration bypass" is used for the feature that forwards a second factor authentication to the fallback GSSP when the user has no active tokens registered in stepup and the authentication is at the stepup_uri_self_asserted assurance level (aka LoA 1.5).

This feature has nothing to do with single sign on (SSO). It only affects authentications to the SFO (second factor only) endpoint of the gateway.
It does allow a user to authenticate using the Stepup-Gateway without registering a token in Stepup-SelfService, so in that sense it allows the user to "bypass" the registration process. However, it is misleading because it does not bypass the registration process in Stepup and give the user a token in Stepup.

A better choice would have been "fallback authentication". The name "sso registration bypass" (sso_registration_bypass, SsoRegistrationBypass) occurs in many places in the Stepup code, class names, event stream, database schema and configuration, making it cumbersome to change.

sso_registration and SsoRegistration occur 162 times in Stepup-Middleware, 15 times in Stepup-Gateway.

Status: In Progress