Force Specific RequestedAuthnContext Comparison Operator
Plovich, Tony
aplovich at anl.gov
Fri Apr 19 16:24:06 EDT 2019
Hello,
I'm currently attempting to federate with SP. They use four AuthnContextClassRef of increasing levels of assurance, however the SAML request they're sending doesn't include an operator (better, min, max, exact), so Shib is defaulting to exact. It appears by default they send the lowest level Ref, so that means users are only allowed to authenticate with a password.
Is there any way to specify a separate shibboleth.AuthnComparisonRules map in conf/authn/authn-comparison.xml that's tied to a specific relying party? That way I could force their requests into a minimum comparison.
Thanks,
--
Tony Plovich (aplovich at anl.gov<mailto:aplovich at anl.gov>)
Business Information Systems (BIS)
Argonne National Laboratory
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190419/146026ae/attachment.html>
More information about the users
mailing list