make forceAuthn requests completely start over

Cantor, Scott cantor.2 at
Sat Aug 1 12:30:54 EDT 2015

On 8/1/15, 11:44 AM, "users on behalf of David Langenberg" <users-bounces at on behalf of davel at> wrote:
>For us, it doesn't matter what's a the end as far as Subject goes.  From what I've seen everybody comes out the other end on our impl (password/Duo) pretty much identified the same way with their netID as the principal.  

Yes, I was just speaking for the archive. Some people have resolver logic that depends on the LDAP subject for example, so it's situational. For most sites, they're just relying on the principal name alone.

A generalized "fix" would need to think about what the merged result should be, is what I'm saying.

-- Scott

More information about the users mailing list