Overriding authentication method for an SP
Cantor, Scott
cantor.2 at osu.edu
Mon Dec 12 17:29:18 EST 2016
On 12/12/16, 5:07 PM, "users on behalf of Liam Hoekenga" <users-bounces at shibboleth.net on behalf of liamr at umich.edu> wrote:
> You might have a syntax error... our version looks like this...
>
>
> p:defaultAuthenticationMethods="#{{'urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken'}}"
Is that working? I wouldn't expect it to, but Spring is weird at times. It's not really right.
> Our ADFS folks want Duo enabled for their Shib integration. Following the V3 relying party docs, I added this bean to my
> relying-party.xml:
That should not be what the docs say, the type of that property is List<Principal>. The values you need to supply aren't Strings, they're Principals, typically beans that inherit from shibboleth.AuthnContextClassRefPrincipal or shibboleth.AuthenticationMethodPrincipal (latter being SAML 1).
I've done examples that certainly show that approach, maybe there are some broken examples.
-- Scott
More information about the users
mailing list