Force Specific RequestedAuthnContext Comparison Operator
cneberg at gmail.com
Fri Apr 19 22:13:16 EDT 2019
What if no operator was explicitly requested? Ie no exact, minimum,
maximum or better was specified in the request. Does that change
anything? Is there a way to treat it as minimum rather than exact? Ie it
requires a password and I want to use a smart card.
On Fri, Apr 19, 2019 at 3:39 PM Cantor, Scott <cantor.2 at osu.edu> wrote:
> That would also be causing it to violate the standard by abusing the
> definition of the operator that was specifically requested.
> Taking things that far you could just easily point its requests at the
> unsolicited endpoint via a CGI script, ignore the request altogether, and
> force the behavior you wanted at the IdP to begin with. It's not kosher,
> but our preference is to keep the IdP conformant and push that sort of
> breaking behavior outside of the system.
> -- Scott
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users