Returning an AuthnContextDecl using Shibboleth3 external auth
Stefan Santesson
stefan at aaa-sec.com
Tue May 12 13:20:57 EDT 2015
Scott,
On 12/05/15 15:49, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>We have no support for AuthnContext declarations, we never have. We
>support ClassRef or DeclRef (but not both, since that's not legal).
I think you are wrong here.
It is definitely allowed by the XML Schema for AuthnContextType.
This may hold both a ClassRef AND a choice between DeclRef or ContextDecl:
    <sequence>
        <element ref="saml:AuthnContextClassRef"/>
        <choice minOccurs="0">
            <element ref="saml:AuthnContextDecl"/>
            <element ref="saml:AuthnContextDeclRef"/>
        </choice>
    </sequence>
The guiding text seems to agree (SAML 2.0 core 2.7.2.2):
"The <AuthnContext> element specifies the context of an authentication
event. The element can contain an authentication context class reference,
an authentication context declaration or declaration reference, or both."
/Stefan
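
The content model discussed in this message, as an added example that is not part of the original post and not Shibboleth code: a small Python check that accepts or rejects the children of a saml:AuthnContext element. The branch without a class reference and the trailing AuthenticatingAuthority elements come from the SAML 2.0 assertion schema rather than from the excerpt quoted above; the sample fragments and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Child sequences permitted by AuthnContextType, before any trailing
# AuthenticatingAuthority elements.
ALLOWED = {
    ("AuthnContextClassRef",),
    ("AuthnContextClassRef", "AuthnContextDecl"),
    ("AuthnContextClassRef", "AuthnContextDeclRef"),
    ("AuthnContextDecl",),
    ("AuthnContextDeclRef",),
}

def authn_context_shape(xml_text):
    """Return the tuple of child names, or raise ValueError if illegal."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML}}}AuthnContext":
        raise ValueError("not a saml:AuthnContext element")
    names = []
    for child in root:
        ns, _, local = child.tag[1:].partition("}")
        if ns != SAML:
            raise ValueError(f"unexpected child {child.tag}")
        names.append(local)
    # The schema allows zero or more AuthenticatingAuthority elements at the end.
    while names and names[-1] == "AuthenticatingAuthority":
        names.pop()
    shape = tuple(names)
    if shape not in ALLOWED:
        raise ValueError(f"illegal AuthnContext content: {shape}")
    return shape

# Constructed sample fragments (values are placeholders).
CLASS_REF = ("<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:"
             "PasswordProtectedTransport</saml:AuthnContextClassRef>")
DECL = "<saml:AuthnContextDecl/>"
DECL_REF = "<saml:AuthnContextDeclRef>https://idp.example.org/decl</saml:AuthnContextDeclRef>"

def wrap(inner):
    """Wrap constructed child fragments in a namespaced saml:AuthnContext."""
    return f'<saml:AuthnContext xmlns:saml="{SAML}">{inner}</saml:AuthnContext>'

if __name__ == "__main__":
    for inner in (CLASS_REF + DECL, CLASS_REF + DECL_REF, DECL + DECL_REF, DECL + CLASS_REF):
        try:
            print("valid:", authn_context_shape(wrap(inner)))
        except ValueError as err:
            print("rejected:", err)
```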