Is it possible do different authentication based on different SP?

Yaowen Tu yaowen.tu at
Thu Aug 16 18:53:43 EDT 2012


I am trying to go through the option (1) by deploying multiple login
handlers, and specify AuthnContextClassRef in the request.

I want to use different UserNamePassword Handler for both SPs. Can I define
something like:

<ph:LoginHandler xsi:type="ph:UsernamePassword"



    <ph:LoginHandler xsi:type="ph:UsernamePasswordLDAP"



But I don't know how to specify it in AuthnContextClassRef. After reading
the docuemnt, seems like AuthnContextClassRef only accept things like:


Am I missing anything?

Is there a sample configuration that I can refer to?

Also is it possible to config it so IdP knows that all the AuthnReqeust
that comes from SP1 will use LoginHandler1. So we don't need to specify it
in the request any more.


On Thu, Aug 16, 2012 at 10:55 AM, Cantor, Scott <cantor.2 at> wrote:

> On 8/16/12 1:49 PM, "Yaowen Tu" <yaowen.tu at> wrote:
> >
> >Thanks folks. Looks like there are two ways to achieve it:
> There are almost certainly a dozen ways. We're just identifying the most
> obvious ones.
> -- Scott
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list