specifying auth context on the IdP side?

Kevin P. Foote kpfoote at iup.edu
Wed Oct 23 11:46:34 EDT 2013


On Wed, 23 Oct 2013, Liam Hoekenga wrote:

> Acc'd to https://wiki.shibboleth.net/confluence/display/SHIB2/IdPRelyingParty,
> it looks like we can state a preference for an auth context in the
> replying party configuration:
>
>    defaultAuthenticationMethod - the authentication method to use
>        for this relying party if it does not request a specific method
>
> Is it possible to /require/ a context?  We're trying to integrate with
> a system that speaks SAML natively, but doesn't allow us to specify
> the auth context, but the users that we're deploying it for have a
> business requirement of it requiring our 2FA (invoked by
> TimeSyncToken).

Yes, you can set the defaultAuthenticationMethod for that RP in your
relying_party.xml

Is that what you mean?

------
thanks
  kevin.foote


More information about the users mailing list