Forcing Duo by Service Provider

Brandon McKean mckeanbs at jmu.edu
Wed Mar 29 15:35:16 EDT 2017


Ok, can you point to a working sample configuration that I can study? 
What I've seen on the wiki really isn't helping me understand what I 
need to do here.

-- 
Brandon McKean
IT / Systems
Linux Administrator
(540)568-4235

On 03/29/2017 02:49 PM, Cantor, Scott wrote:
> On 3/29/17, 2:35 PM, "users on behalf of Brandon McKean" <users-bounces at shibboleth.net on behalf of mckeanbs at jmu.edu> wrote:
>
>> I'm afraid I don't follow what values I would use where then.
> I can't tell you what to use, you have to mint something. If your deployment meets the requirements of InCommon's proposed MFA profile, you could use that. If it doesn't, then you would have to create something. OSU is using "urn:mace:osu.edu:shibboleth:ac:classes:mfa" because our deployment does not fit that profile.
>
>> I'm not  trying to adjust any context
> You are in fact doing exactly that.
>
>> Most vendors we work with wouldn't know to check for  that in the assertions anyway.
> And if they don't request it, then you have to request it for them on the IdP, but "it" is a SAML AuthnContextClassRef representing your Duo deployment.
>
> -- Scott
>
>



More information about the users mailing list