MFA and AWS SAML authentication
Wessel, Keith
kwessel at illinois.edu
Wed May 17 17:57:54 EDT 2017
Good to know. I'll test again to see if they've fixed it. Maybe it was an issue when we last tested. We brought it to their attention, but we didn't get much of a response.
Keith
-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Wednesday, May 17, 2017 4:52 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: MFA and AWS SAML authentication
On 5/17/17, 5:48 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> Our AWS admins asked if I could turn on forced MFA into AWS for specific users. I did this, and AWS didn't like it. Turns out, if you
> send an authn context other than urn:oasis:names:tc:SAML:2.0:classes:ac:password to AWS with your assertion, they reject it.
Hmm, no, they don't, we're doing that.
So...dunno but it's been fine here.
-- Scott
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list