Changing MCB assurance level per SP and by "risk" (source IP)

Cantor, Scott cantor.2 at
Fri Apr 4 18:20:35 EDT 2014

On 4/4/14, 5:06 PM, "David Langenberg" <davel at> wrote:
>The SP needs to send the "assurance" requirement via the
>AuthnContextClassRef field of the AuthRequest.  You can't control on the
>IdP side "SP X requests must do DUO".

Was that established? I thought you could specify a
defaultAuthenticationMethod for a relying party per usual and the MCB
could at least see it.

-- Scott

More information about the users mailing list