specifying auth context on the IdP side?
Kevin P. Foote
kpfoote at iup.edu
Wed Oct 23 11:46:34 EDT 2013
On Wed, 23 Oct 2013, Liam Hoekenga wrote:
> Acc'd to https://wiki.shibboleth.net/confluence/display/SHIB2/IdPRelyingParty,
> it looks like we can state a preference for an auth context in the
> replying party configuration:
>
> defaultAuthenticationMethod - the authentication method to use
> for this relying party if it does not request a specific method
>
> Is it possible to /require/ a context? We're trying to integrate with
> a system that speaks SAML natively, but doesn't allow us to specify
> the auth context, but the users that we're deploying it for have a
> business requirement of it requiring our 2FA (invoked by
> TimeSyncToken).
Yes, you can set the defaultAuthenticationMethod for that RP in your
relying_party.xml
Is that what you mean?
------
thanks
kevin.foote
More information about the users
mailing list