different AuthnContextClassRef for different discovered IDP

marangiom m.marangio at innova.puglia.it
Mon Jun 13 10:55:09 EDT 2016


Sorry to keep posting on this, but I believe I'm too close to the solution
to give up now... :-)

I see it is possible to create a different servlet-map to handle different
url-pattern other than the standard one /Auth/Password

but I cannot find a way to make the SP use the non standard url-pattern

Furthermore in
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass I read:

"Finally, you may also need to configure the Servlet with an "init"
parameter in web.xml named authnMethod, set to an authentication
context/method/type value to return via SAML to the SP. By default, the
value returned will be
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport. This is
usually fine, but if you're doing something more advanced, it may need to be
changed.
Note that if you were to assign the login handler to multiple
<AuthenticationMethod> values up front, you will potentially have a problem
because the Servlet itself can only return one of them. This may work fine,
but would break if you are supporting SAML 2.0 SPs that request particular
methods. You will probably need a custom login handler or handlers in such
cases."

So I still believe my only valid option is to write a custom handler.
But please disprove me :-D

thanks
M
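
The setup discussed in this message, as an added example that is not part of the original post or the Shibboleth distribution: a web.xml fragment declaring the username/password servlet twice, each instance with its own url-pattern and its own authnMethod init parameter. The servlet class name and the /Authn/UserPassword path are assumed from a stock IdP 2.x web.xml; the servlet names, the second url-pattern and the choice of the second context class are hypothetical. The fragment does not by itself route any login handler to the second path.

```xml
<!-- Added example, assumed IdP 2.x layout. Goes inside <web-app> in web.xml. -->

<!-- Instance 1: stock mapping, returns the default authentication method. -->
<servlet>
    <servlet-name>UserPassDefault</servlet-name> <!-- hypothetical name -->
    <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet</servlet-class>
    <init-param>
        <param-name>authnMethod</param-name>
        <param-value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</param-value>
    </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>UserPassDefault</servlet-name>
    <url-pattern>/Authn/UserPassword</url-pattern> <!-- assumed stock path -->
</servlet-mapping>

<!-- Instance 2: same servlet class, different path, different method returned
     to the SP. Each instance can return only the single value configured here,
     which is the limitation the quoted wiki text describes. -->
<servlet>
    <servlet-name>UserPassAlt</servlet-name> <!-- hypothetical name -->
    <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet</servlet-class>
    <init-param>
        <param-name>authnMethod</param-name>
        <!-- constructed choice: another SAML 2.0 context class -->
        <param-value>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</param-value>
    </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>UserPassAlt</servlet-name>
    <url-pattern>/Authn/UserPasswordAlt</url-pattern> <!-- hypothetical path -->
</servlet-mapping>
```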


