Changing MCB assurance level per SP and by "risk" (source IP)

David Langenberg davel at
Fri Apr 4 18:22:46 EDT 2014

On Fri, Apr 4, 2014 at 4:20 PM, Cantor, Scott <cantor.2 at> wrote:

> On 4/4/14, 5:06 PM, "David Langenberg" <davel at> wrote:
> >
> >The SP needs to send the "assurance" requirement via the
> >AuthnContextClassRef field of the AuthRequest.  You can't control on the
> >IdP side "SP X requests must do DUO".
> Was that established? I thought you could specify a
> defaultAuthenticationMethod for a relying party per usual and the MCB
> could at least see it.

I understood a recent post from Paul said no, it couldn't be done.  Paul?


David Langenberg
Identity & Access Management
The University of Chicago
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list