tfpoage at ucdavis.edu
Sat Jan 7 01:15:29 GMT 2012
The SAML 2.0 Authentication Context spec mentions (sec 3.4.9)
"PasswordProtectedTransport ... is applicable when a principal
authenticates to an authentication authority through the presentation of
a password over a protected session."
Offhand, I don't see a definition of the term "protected session" in the
Can I assume that e.g. performing delegated SSO (CAS over https against
Kerberos) satisfies the definition of "protected session" for
I ask because, as others apparently have, we've been wrestling with
service-now.com. The admin interface doesn't seem to allow one to turn
off RequestedAuthnContext in the AuthnRequest, so the only apparent (and
seemingly ugly) workaround is to add PasswordProtectedTransport to my
IdP's LoginHandler (handler.xml).
More information about the users