Changing MCB assurance level per SP and by "risk" (source IP)

Paul Hethmon paul.hethmon at
Mon Apr 7 09:18:41 EDT 2014

On Apr 4, 2014, at 6:28 PM, Cantor, Scott <cantor.2 at<mailto:cantor.2 at>> wrote:

I understood a recent post from Paul said no, it couldn't be done.  Paul?

I guess let me clarify: I didn't necessarily think it was used by the
existing MCB code, but like I tend to think about anything, you need a
custom module to do everything. So if the "outer" API of the IdP is
visible to the "inner" modules, you should be able to switch off of that
value to do work.

I did not take it into account when building the MCB. So any default context specified by configuration is not considered by MCB. I think it could be added fairly easily, at least if I can manipulate the inbound AuthnRequest to add the context value when one is not actually sent by the RP.


Paul Hethmon
Chief Software Architect
paul.hethmon at<mailto:paul.hethmon at>

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list