Is it possible do different authentication based on different SP?
Yaowen Tu
yaowen.tu at gmail.com
Thu Aug 16 19:09:32 EDT 2012
Thanks Scott. Maybe I didn't understand your suggested option (1) correctly.
Option (1) only works like SP1 use UsernamePassword login handler and SP2
use RemoteUser.
Is that correct?
If not, can you provide more details?
Yaowen
On Thu, Aug 16, 2012 at 4:03 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 8/16/12 6:53 PM, "Yaowen Tu" <yaowen.tu at gmail.com> wrote:
> >
> >I want to use different UserNamePassword Handler for both SPs. Can I
> >define something like:
>
> No, because you have the same context class in both. There's no difference.
>
> >But I don't know how to specify it in AuthnContextClassRef. After reading
> >the docuemnt, seems like AuthnContextClassRef only accept things like:
> >
> >urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
>
> I don't know what that means or is asking exactly.
>
> >Is there a sample configuration that I can refer to?
>
> No.
>
> >Also is it possible to config it so IdP knows that all the AuthnReqeust
> >that comes from SP1 will use LoginHandler1. So we don't need to specify
> >it in the request any more.
>
> No. If you want a login handler that does something based on the SP, you
> will have to write one.
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120816/d97a8443/attachment.html
More information about the users
mailing list