PasswordProtectedTransport Authentication with MCB

David Langenberg davel at uchicago.edu
Tue Jun 23 21:22:48 EDT 2015 

Yeah, see Brent's message, I read right past that one & went straight for
the wrong spot.

Dave

On Tue, Jun 23, 2015 at 7:20 PM, IAM David Bantz <dabantz at alaska.edu> wrote:

> The user's account does not trigger MFA - that's only triggered by
> requested context or by an attribute value (which this user does not have)
> in the directory record.
>
> So far as I know, no other "permission" is required to use username /
> password; and the user was presented with the normal username / password
> login form and successfully authenticated.
>
> db
>
> On Tue, Jun 23, 2015 at 5:16 PM, David Langenberg <davel at uchicago.edu>
> wrote:
>
>> Ok, so then we turn to your <IDMS>.  Does the user who's trying to
>> authenticate have permission to use either MFA or  PPT?
>>
>> Dave
>>
>> On Tue, Jun 23, 2015 at 7:14 PM, IAM David Bantz <dabantz at alaska.edu>
>> wrote:
>>
>>>
>>> On Tue, Jun 23, 2015 at 4:48 PM, David Langenberg <davel at uchicago.edu>
>>> wrote:
>>>
>>>> multi-context-broker.xml
>>>
>>>
>>> I have this:
>>>
>>>     <initialAuthContext requestedOnly="false">
>>>
>>>             <context
>>> name="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
>>>
>>>     </initialAuthContext>
>>>
>>> and this under authnContexts:
>>>
>>>         <context
>>> name="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
>>> method="password">
>>>
>>>             <allowedContexts>
>>>
>>>                 <context name="https://iam.alaska.edu/trac/wiki/mfa" />
>>>
>>>             </allowedContexts>
>>>
>>>         </context>
>>>
>>> --
>>> To unsubscribe from this list send an email to
>>> users-unsubscribe at shibboleth.net
>>>
>>
>>
>>
>> --
>> David Langenberg
>> Identity & Access Management Architect
>> The University of Chicago
>>
>> --
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>>
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>



-- 
David Langenberg
Identity & Access Management Architect
The University of Chicago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150623/c15b4e88/attachment.html>

More information about the users mailing list