Override SP RequestedAuthnContext on IdP per entity?
Brian Mathis
brian.mathis at gmail.com
Thu Oct 26 19:11:48 EDT 2017
I have an application (that I have no control over) sending an
AuthnRequest that includes the following:

    <samlp:RequestedAuthnContext Comparison="exact">
        <saml:AuthnContextClassRef
            xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>

I'm not offering PasswordProtectedTransport in my IdP. I was able to
use general-authn.xml to "fake out" the SP by adding the
PasswordProtectedTransport bean to another AuthenticationFlow, but
this would apply to all relying-parties, and I prefer to target only
the entity that needs it if possible.

Is there a way to override this for a single entity? Are there
conditionals that can be used in general-authn.xml, or somewhere else?

Thank you
~ Brian
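
Added example, not part of the original post and not Shibboleth code: a small Python check that reads the RequestedAuthnContext out of an AuthnRequest and shows why Comparison="exact" fails when the IdP does not offer the requested class. The sample request (issuer, ID, timestamp) and the set of offered classes are constructed assumptions; only the RequestedAuthnContext element comes from the post.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

# Constructed sample AuthnRequest; issuer, ID and timestamp are made up.
# For untrusted input, parse with a hardened XML parser instead.
SAMPLE_REQUEST = f"""\
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2017-10-26T23:00:00Z">
  <saml:Issuer>https://sp.example.org/metadata</saml:Issuer>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>{PPT}</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
"""


def requested_context(xml_text):
    """Return (issuer, comparison, [class refs]) from an AuthnRequest."""
    root = ET.fromstring(xml_text)
    issuer = (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return issuer, None, []          # SP expressed no requirement
    comparison = rac.get("Comparison", "exact")  # "exact" is the SAML default
    refs = [e.text.strip()
            for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    return issuer, comparison, refs


def exact_match(requested, offered):
    """Classes that satisfy Comparison="exact": requested AND offered verbatim."""
    return [ref for ref in requested if ref in offered]


if __name__ == "__main__":
    issuer, comparison, refs = requested_context(SAMPLE_REQUEST)
    # Assumed IdP configuration that does not offer PasswordProtectedTransport.
    offered = {"urn:oasis:names:tc:SAML:2.0:ac:classes:Password"}
    print(issuer, comparison, refs)
    print("satisfiable:", bool(exact_match(refs, offered)))
```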