Is it possible do different authentication based on different SP?

Cantor, Scott cantor.2 at
Thu Aug 16 10:00:04 EDT 2012

On 8/15/12 10:00 PM, "Kevin P. Foote" <kpfoote at> wrote:
>Give the Engineering group an "engineering" attribute, and the sales
>folks a "sales" attribute at the IdP. On the SP side require one or the
>other for authz.

A less elegant and more brittle way that still avoids writing code:

- deploy separate login handlers
- use an AuthnContextClassRef in the request to map to one or the other

-- Scott

More information about the users mailing list