Turn off SSO login for some contextClassRef URIs

Stefan Santesson stefan at aaa-sec.com
Wed May 20 07:14:55 EDT 2015

I have 2 ContextClassRef URI:s that are configured for External

One of the ClassRefs means that the IdP MUST present some information to
the user and thus, SSO authentication is not permitted.
For the other ClassRef, SSO based on previous session is allowed.

How can I configure Shib3 IdP so that if ClassRef 1 is requested, External
is always called disregarding previous authentication, and for ClassRef 2,
External is used but SSO is allowed?


More information about the users mailing list