Configuring IdP v.2.3.8 with Silver assurance

Tom Scavo trscavo at gmail.com
Wed Sep 26 16:31:25 EDT 2012


On Wed, Sep 26, 2012 at 4:23 PM, Terry Fleury <tfleury at illinois.edu> wrote:
> I decided to bite the bullet and try to get Silver assurance working
> with Shibboleth IdP v.2.3.8. I managed to get it working for my
> particular use case: UC2: SP Prefers Silver in
> https://spaces.internet2.edu/display/InCAssurance/SP+Assurance+Policy+Use+Cases

Great!

> This seems to work how I want it. When my test SP requests silver, the
> IdP returns silver. When the SP requests nothing in particular, the IdP
> returns PasswordProtectedTransport. In either case, the IdP presents the
> user with the Username/Password login page. The login is authenticated
> via Kerberos as configured in the login.config file.
>
> I'm not sure this is the _correct_ way to do this, but this method was
> done via configuration alone (rather than writing a custom login handler),
> so at least it was easy to implement.

In practice this would be useful if ALL users and ALL authentications
in the IdP's security domain are equivalent. That probably won't turn
out to be the case very often but who knows. If the assumption is
true, however, why not just return silver in ALL cases (or I should
say, in both cases: silver and unspecified)?

Tom

