Is it possible do different authentication based on different SP?

Cantor, Scott cantor.2 at
Thu Aug 16 19:03:19 EDT 2012

On 8/16/12 6:53 PM, "Yaowen Tu" <yaowen.tu at> wrote:
>I want to use different UserNamePassword Handler for both SPs. Can I
>define something like:

No, because you have the same context class in both. There's no difference.

>But I don't know how to specify it in AuthnContextClassRef. After reading
>the docuemnt, seems like AuthnContextClassRef only accept things like:

I don't know what that means or is asking exactly.

>Is there a sample configuration that I can refer to?


>Also is it possible to config it so IdP knows that all the AuthnReqeust
>that comes from SP1 will use LoginHandler1. So we don't need to specify
>it in the request any more.

No. If you want a login handler that does something based on the SP, you
will have to write one.

-- Scott

More information about the users mailing list