make forceAuthn requests completely start over
Cantor, Scott
cantor.2 at osu.edu
Sat Aug 1 12:30:54 EDT 2015
On 8/1/15, 11:44 AM, "users on behalf of David Langenberg" <users-bounces at shibboleth.net on behalf of davel at uchicago.edu> wrote:
>
>For us, it doesn't matter what's a the end as far as Subject goes. From what I've seen everybody comes out the other end on our impl (password/Duo) pretty much identified the same way with their netID as the principal.
>
Yes, I was just speaking for the archive. Some people have resolver logic that depends on the LDAP subject for example, so it's situational. For most sites, they're just relying on the principal name alone.
A generalized "fix" would need to think about what the merged result should be, is what I'm saying.
-- Scott
More information about the users
mailing list