ndk at internet2.edu
Sat Jan 7 01:36:21 GMT 2012
> Can I assume that e.g. performing delegated SSO (CAS over https
> Kerberos) satisfies the definition of "protected session" for
I think that should certainly qualify, yes. It would be nice if the
specification did say a bit more about that, but I don't know whether
a very good encompassing definition could be easily written given the
nuances of the wide variety of authentication techniques out there in
the world. I wasn't there for the writing of the spec and dunno
whether this was wrestled over; maybe Scott will chime in.
> I ask because, as others apparently have, we've been wrestling with
> service-now.com. The admin interface doesn't seem to allow one to turn
> off RequestedAuthnContext in the AuthnRequest, so the only apparent
> seemingly ugly) workaround is to add PasswordProtectedTransport to my
> IdP's LoginHandler (handler.xml).
It's probably not a bad idea to have it in there anyway, as you do in
fact perform authentication by using a password over protected
transport. It's unfortunate that it's mandatory in this instance but
I don't consider this ugly nor a workaround.
Hope this helps,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users