Turn off SSO login for some contextClassRef URIs

Stefan Santesson stefan at aaa-sec.com
Wed May 20 14:09:52 EDT 2015

Hi Scott,

On 20/05/15 19:06, "Cantor, Scott" <cantor.2 at osu.edu> wrote:

>For now, this specific case would be workable by duplicating External
>a copy that handles the second class, so the flow descriptor in each case
>won't have both classes. That will still work later too, I'm just working
>on fixes that make it unnecessary.

This sounds like exactly what I¹m looking for.

This is what I tried to do first in a trial and error effort.

I tried to duplicate the authn/External flow in the general-authn.xml
file, listing different ClassRef under the supported principals list, but
that didn¹t work, the second instance was ignored. I probably did that all

Is there a description on how to do it right?

For my demo IdP i need 6 instances. 2 each of LoA 2, 3 and 4.


More information about the users mailing list