Changing MCB assurance level per SP and by "risk" (source IP)
Paul Hethmon
paul.hethmon at clareitysecurity.com
Mon Apr 7 09:18:41 EDT 2014
On Apr 4, 2014, at 6:28 PM, Cantor, Scott <cantor.2 at osu.edu<mailto:cantor.2 at osu.edu>> wrote:
I understood a recent post from Paul said no, it couldn't be done. Paul?
I guess let me clarify: I didn't necessarily think it was used by the
existing MCB code, but like I tend to think about anything, you need a
custom module to do everything. So if the "outer" API of the IdP is
visible to the "inner" modules, you should be able to switch off of that
value to do work.
I did not take it into account when building the MCB. So any default context specified by configuration is not considered by MCB. I think it could be added fairly easily, at least if I can manipulate the inbound AuthnRequest to add the context value when one is not actually sent by the RP.
Paul
Paul Hethmon
Chief Software Architect
paul.hethmon at clareitysecurity.com<mailto:paul.hethmon at clareitysecurity.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140407/3465449f/attachment.html
More information about the users
mailing list