New 3.2 bean shibboleth.IgnoredContexts

Michael A Grady mgrady at
Fri Dec 4 10:15:04 EST 2015

So I noticed the new 3.2 bean called shibboleth.IgnoredContexts. 

- Could that be used to force a 2FA method (e.g. Duo) even if an SP explicitly includes a request for PPT, by specifying PPT in that list? (And specifying a defaultAuthenticationMethods of 2FA for the SP in relying-party, of course.)

- Are there any "negative impacts" of that, as long as PPT is otherwise the default method, and the Duo flow is configured to satisfy that also?

- Would the requested authn context (e.g. PPT) still be returned in the Authn Response?

- Can ignoredContexts be done on a per-SP basis? (Activation condition?)

Michael A. Grady
IAM Architect, Unicon, Inc.

