New 3.2 bean shibboleth.IgnoredContexts
Michael A Grady
mgrady at unicon.net
Fri Dec 4 10:15:04 EST 2015
So I noticed the new 3.2 bean called shibboleth.IgnoredContexts.
- Could that be used to force a 2FA method (e.g. Duo) even if an SP explicitly includes a request for PPT, by specifying PPT in that list? (And specifying a defaultAuthenticationMethods of 2FA for the SP in relying-party, of course.)
- Are there are any "negative impacts" of that, as long as PPT is otherwise the default method, and the Duo flow is configured to satisfy that also?
- Would the requested authn context (e.g. PPT) still be returned in the Authn Response?
- Can ignoredContexts be done on a per-SP basis? (Activation condition?)
Michael A. Grady
IAM Architect, Unicon, Inc.
More information about the users