Returning an AuthnContextDecl using Sibboleth3 external auth
Cantor, Scott
cantor.2 at osu.edu
Tue May 12 13:27:57 EDT 2015
On 5/12/15, 1:20 PM, "Stefan Santesson" <stefan at aaa-sec.com> wrote:
>
>On 12/05/15 15:49, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>
>>We have no support for AuthnContext declarations, we never have. We
>>support ClassRef or DeclRef (but not both, since that's not legal).
>
>I think you are wrong here,
>
>It is definitely allowed by the XML Schema for AuthnContextType
>This may hold both a ClassRes AND a choice between DeclRef or ContextDecl
Yes, you're correct. There is no path in the IdP that will support that. The bean that produces the AuthnStatement populates one or the other, but not both.
-- Scott
More information about the users
mailing list