MFA with specific authnContextClassRef
Shawn
perdo at fastmail.com
Wed Aug 8 17:46:29 EDT 2018
I was afraid it would turn out to be a subtle issue... Thank you
--
Shawn
perdo at fastmail.com
On Wed, Aug 8, 2018, at 5:44 PM, Cantor, Scott wrote:
> > The SP is requesting authnContextClassRef of https://refeds.org/profile/mfa
> > and the idp errors with "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"
> > unless I add that classRef to supportedPrincipals of authn/Password, which is
> > confusing to me. I didn't think that was needed and I think that would lead to
> > mfaCtx.isAcceptable() always returning true?
>
> That's correct, you have something wrong somewhere. Nothing obvious.
>
> -- Scott
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-
> unsubscribe at shibboleth.net
More information about the users
mailing list