issue with ?

IAM David Bantz dabantz at
Tue Aug 18 19:30:25 EDT 2015

On Tue, Aug 18, 2015 at 2:34 PM, David Langenberg <davel at>

> You must force it to PPT or they will reject it. We wound up tweaking our
> config to make sure we send PPT rather than Password.

Uncle! RelyingParty config with defaultAuthenticationMethod does not force
the AuthnContextRefClass to PPT and in any case doesn't address Duo 2FA
users.  Please give me a hint on how to "force [AuthnContextRefClass in
outgoing SAML] to PPT" for a relying party. Perhaps a clever config in
multi-context-broker.xml ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list