PasswordProtectedTransport Authentication with MCB
David Langenberg
davel at uchicago.edu
Tue Jun 23 21:22:48 EDT 2015
Yeah, see Brent's message, I read right past that one & went straight for
the wrong spot.
Dave
On Tue, Jun 23, 2015 at 7:20 PM, IAM David Bantz <dabantz at alaska.edu> wrote:
> The user's account does not trigger MFA - that's only triggered by
> requested context or by an attribute value (which this user does not have)
> in the directory record.
>
> So far as I know, no other "permission" is required to use username /
> password; and the user was presented with the normal username / password
> login form and successfully authenticated.
>
> db
>
> On Tue, Jun 23, 2015 at 5:16 PM, David Langenberg <davel at uchicago.edu>
> wrote:
>
>> Ok, so then we turn to your <IDMS>. Does the user who's trying to
>> authenticate have permission to use either MFA or PPT?
>>
>> Dave
>>
>> On Tue, Jun 23, 2015 at 7:14 PM, IAM David Bantz <dabantz at alaska.edu>
>> wrote:
>>
>>>
>>> On Tue, Jun 23, 2015 at 4:48 PM, David Langenberg <davel at uchicago.edu>
>>> wrote:
>>>
>>>> multi-context-broker.xml
>>>
>>>
>>> I have this:
>>>
>>> <initialAuthContext requestedOnly="false">
>>>
>>> <context
>>> name="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
>>>
>>> </initialAuthContext>
>>>
>>> and this under authnContexts:
>>>
>>> <context
>>> name="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
>>> method="password">
>>>
>>> <allowedContexts>
>>>
>>> <context name="https://iam.alaska.edu/trac/wiki/mfa" />
>>>
>>> </allowedContexts>
>>>
>>> </context>
>>>
>>> --
>>> To unsubscribe from this list send an email to
>>> users-unsubscribe at shibboleth.net
>>>
>>
>>
>>
>> --
>> David Langenberg
>> Identity & Access Management Architect
>> The University of Chicago
>>
>> --
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>>
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
--
David Langenberg
Identity & Access Management Architect
The University of Chicago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150623/c15b4e88/attachment.html>
More information about the users
mailing list