Force Specific RequestedAuthnContext Comparison Operator

Plovich, Tony aplovich at
Fri Apr 19 16:24:06 EDT 2019


I'm currently attempting to federate with an SP. They use four AuthnContextClassRefs of increasing levels of assurance, however the SAML request they're sending doesn't include an operator (better, min, max, exact), so Shib is defaulting to exact. It appears by default they send the lowest level Ref, so that means users are only allowed to authenticate with a password.

Is there any way to specify a separate shibboleth.AuthnComparisonRules map in conf/authn/authn-comparison.xml that's tied to a specific relying party?  That way I could force their requests into a minimum comparison.



Tony Plovich (aplovich at)
Business Information Systems (BIS)
Argonne National Laboratory
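
An added illustration of the behaviour described in the message above (not part of the original post, and not Shibboleth code or configuration): it parses a constructed AuthnRequest whose RequestedAuthnContext omits Comparison, applies the SAML 2.0 default of exact, and lists which classes each operator would accept. The class URNs, their ordering and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed assurance ladder, weakest first (hypothetical URNs, not the SP's real values).
LADDER = ["urn:example:loa:1", "urn:example:loa:2", "urn:example:loa:3", "urn:example:loa:4"]

# Constructed AuthnRequest: RequestedAuthnContext carries no Comparison attribute.
SAMPLE_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_constructed" Version="2.0" IssueInstant="2019-04-19T20:24:06Z">
  <samlp:RequestedAuthnContext>
    <saml:AuthnContextClassRef>urn:example:loa:1</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""


def requested_context(xml_text):
    """Return (comparison, [class refs]); SAML core defaults Comparison to 'exact'."""
    root = ET.fromstring(xml_text)
    rac = root.find(f"{{{SAMLP}}}RequestedAuthnContext")
    if rac is None:
        return None, []
    refs = [e.text.strip() for e in rac.findall(f"{{{SAML}}}AuthnContextClassRef")]
    return rac.get("Comparison", "exact"), refs


def acceptable(comparison, refs, ladder=LADDER):
    """Ladder entries that satisfy the request under the given operator."""
    ranks = [ladder.index(r) for r in refs if r in ladder]
    if not ranks:
        return []
    if comparison == "exact":        # only the classes named in the request
        return [ladder[i] for i in sorted(set(ranks))]
    if comparison == "minimum":      # at least as strong as one requested class
        return ladder[min(ranks):]
    if comparison == "better":       # strictly stronger than every requested class
        return ladder[max(ranks) + 1:]
    if comparison == "maximum":      # no stronger than the strongest requested class
        return ladder[:max(ranks) + 1]
    raise ValueError(f"unknown Comparison value: {comparison}")


if __name__ == "__main__":
    comparison, refs = requested_context(SAMPLE_REQUEST)
    for op in (comparison, "minimum"):
        print(op, "->", acceptable(op, refs))
```

With the lowest class requested and no operator, only that one class matches; the same request evaluated as minimum admits every class on the ladder.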
