F5 big-ip vpn saml implementation with 2factor

IAM David Bantz dabantz at alaska.edu
Fri Dec 18 18:40:21 EST 2015

Perhaps with some provisos. I have been unable to find a combination of
configurations with MCB that will enable an acceptable (by the SP) response
to a request with:

<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<samlp:RequestedAuthnContext Comparison="exact"
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML
  <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML

David Bantz

On Fri, Dec 18, 2015 at 2:21 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> > We are all pretty much on the same setup of shibboleth idp 2.5.4, mcb
> 1.2.5
> > and the latest duo mcb plugin cant recall version atm. "we've been told
> in the
> > past custom relying party's to request a specific authcontext was not
> > workable in v2x. our deadline for this solution would be before all our
> > campus's could all get to idp v3 as well.
> I can only speak to V2 alone, and it supports SP-specific defaulting of an
> authentication method just fine.
> -- Scott
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20151218/1165fd1f/attachment.html>

More information about the users mailing list