How to specify multiple authnContextClassRef from SP to IdP

Terry Fleury tfleury at illinois.edu
Fri Jan 27 22:40:34 GMT 2012


As part of the InCommon SP Assurance Use Case testing
(https://spaces.internet2.edu/display/InCAssurance/SP+Assurance+Policy+Use+Cases),
I would like to know how to implement "UC2: SP Prefers Silver". I would like
to send four values as the authnContextClassRef using the "query string
parameter method"
(https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessionCreationParameters).

I can successfully send a single value such as the following (line breaks
added for readability):

https://test.cilogon.org/Shibboleth.sso/Login?
    target=https%3A%2F%2Ftest.cilogon.org%2Fsecure%2Fgetuser%2F
    &providerId=urn%3Amace%3Aincommon%3Auiuc.edu
    &authnContextClassRef=http%3A%2F%2Fid.incommon.org%2Fassurance%2Fsilver-test

I would like a multivalued authnContextClassRef.  I attempted to pass
multiple "&authnContextClassRef=..." parameters as follows:

https://test.cilogon.org/Shibboleth.sso/Login?
    target=https%3A%2F%2Ftest.cilogon.org%2Fsecure%2Fgetuser%2F
    &providerId=https%3A%2F%2Fboingo.ncsa.uiuc.edu%2Fidp%2Fshibboleth
    &authnContextClassRef=http%3A%2F%2Fid.incommon.org%2Fassurance%2Fsilver-test
    &authnContextClassRef=http%3A%2F%2Fid.incommon.org%2Fassurance%2Fbronze-test
   
&authnContextClassRef=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aac%3Aclasses%3APasswordProtectedTransport
   
&authnContextClassRef=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aac%3Aclasses%3Aunspecified

However only the first authnContextClassRef was recognized. (I discovered
this by reordering the authnContextClassRef elements.)

Is there a way to specify multiple authnContextClassRef values using the
query string parameter method?

Terry Fleury
tfleury at illinois.edu



More information about the users mailing list