Is an authnContextClassRef of "unspecified" the same as "PasswordProtectedTransport" ?

Chad La Joie lajoie at shibboleth.net
Fri Jan 27 22:50:30 GMT 2012


"unspecified" means "any that you (the relying party) choose".  So if
the IdP supports username/password then it's free to respond with that.

On 1/27/12 5:45 PM, Terry Fleury wrote:
> During my InCommon SP Assurance Use Case testing, I discovered that passing
> authnContextClassRef="urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
> from SP to IdP resulted in the IdP responding with
> Shib-AuthnContext-Class="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport".
> Is this the expected behavior?
> 
> I thought that if the SP requested a specific authnContextClassRef, the IdP
> had to respond with that same value, or respond with an error if unable to
> fulfill.
> 
> Terry Fleury
> tfleury at illinois.edu
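
Added example, not part of the original thread and not Shibboleth code: an SP-side check of the returned AuthnContextClassRef that treats a requested "unspecified" as "any", as the reply above describes. The function names and the sample assertion are constructed for illustration, and the check assumes the assertion's signature has already been verified.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
UNSPECIFIED = AC + "unspecified"
PPT = AC + "PasswordProtectedTransport"

# Constructed sample: the AuthnStatement part of an assertion like the one
# in the thread (IdP answered with PasswordProtectedTransport).
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnStatement AuthnInstant="2012-01-27T22:45:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>{PPT}</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def returned_class_refs(assertion_xml):
    """Return every AuthnContextClassRef value found in the assertion."""
    root = ET.fromstring(assertion_xml)
    path = ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef"
    return [(el.text or "").strip() for el in root.findall(path, SAML_NS)]


def context_acceptable(requested, assertion_xml):
    """Decide whether the returned context satisfies what the SP asked for.

    Hypothetical SP policy: an assertion with no class ref is rejected;
    a request for 'unspecified' (or no request) accepts any returned class;
    otherwise every returned class must be one of the requested ones.
    """
    returned = returned_class_refs(assertion_xml)
    if not returned:
        return False
    if not requested or UNSPECIFIED in requested:
        return True
    allowed = set(requested)
    return all(ref in allowed for ref in returned)


if __name__ == "__main__":
    # The case from the thread: 'unspecified' requested, password returned.
    print(context_acceptable([UNSPECIFIED], SAMPLE_ASSERTION))
    # An SP that needs a specific method has to ask for it and check it.
    print(context_acceptable([AC + "X509"], SAMPLE_ASSERTION))
```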

