Is it possible do different authentication based on different SP?

Yaowen Tu yaowen.tu at
Thu Aug 16 19:09:32 EDT 2012

Thanks Scott. Maybe I didn't understand your suggested option (1) correctly.

Option (1) only works like SP1 use UsernamePassword login handler and SP2
use RemoteUser.

Is that correct?

If not, can you provide more details?


On Thu, Aug 16, 2012 at 4:03 PM, Cantor, Scott <cantor.2 at> wrote:

> On 8/16/12 6:53 PM, "Yaowen Tu" <yaowen.tu at> wrote:
> >
> >I want to use different UserNamePassword Handler for both SPs. Can I
> >define something like:
> No, because you have the same context class in both. There's no difference.
> >But I don't know how to specify it in AuthnContextClassRef. After reading
> >the docuemnt, seems like AuthnContextClassRef only accept things like:
> >
> >urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
> I don't know what that means or is asking exactly.
> >Is there a sample configuration that I can refer to?
> No.
> >Also is it possible to config it so IdP knows that all the AuthnReqeust
> >that comes from SP1 will use LoginHandler1. So we don't need to specify
> >it in the request any more.
> No. If you want a login handler that does something based on the SP, you
> will have to write one.
> -- Scott
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list