ndk at sudonym.me
Mon May 23 13:49:39 EDT 2016
The one option that people haven’t mentioned is signing authentication requests. I don’t know whether that’s an option in your environment, but it’s the alternative.
> On May 23, 2016, at 11:47, Eric Goodman <Eric.Goodman at ucop.edu> wrote:
> My (additional) assumption has always been that if you want to use ForceAuthn in this way that you need to audit the IdPs to ensure this behavior, or at least document it clearly to the IdP leveraging your service, since it's so common for IdPs to be out of compliance or to be in compliance in meaningless ways (e.g., kerb/IWA).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users