authnContextClassRef for a specific url

Idar Borlaug idar.borlaug at gmail.com
Mon Jun 1 04:09:39 EDT 2015


Hi

We have a big site with SSO login via SAML2. But i have a few urls i
want to use a different authnContextClassRef for. Think better
autentication for a few urls.


I have tried to configure this in apache and in shibboleth2.xml with:
<RequestMapper type="Native">
<RequestMap>
<Host name="domain.no">
<Path name="/highsecurity"
authnContextClassRef="urn:oasis:names:tc:SAML:2.0:ac:classes:HighSecurity />
</Host>
</RequestMap>
</RequestMapper>


This works fine if you are not logged in, but if you have already got a
shibboleth session it won't reauthenticate. Is there some way to force
reauthentication or drop the already existing session?
-- 
Idar Borlaug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150601/e32e6142/attachment.html>


More information about the users mailing list