Require 2factor authcontext for only specific idps for 1 sp best method

[Cantor, Scott]

On 8/11/15, 4:59 PM, "users on behalf of Ewing, Bill" <users-bounces at shibboleth.net on behalf of BEwing at utsystem.edu> wrote:

>Sorry for the confusion my brain and fingers were going in different directions but you have answered my question. We were trying to do something at the sp level but as you stated that won't work.

Well, modulo you just implementing it. If you used passive protection at the SP and had your application dynamically generate the initiator links, you could supply a parameter on that link to control the AuthnContextClassRef it will send.

-- Scott