MFA for Incommom members

Wed Jul 3 11:04:45 EDT 2019

Scott, thanks for the response, but the SP said it's not possible for him to tweak his metadata just for 1 University and a single application. Are there any other ways we can get this implemented? 

-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Tuesday, July 2, 2019 12:47 PM
To: Shib Users <users at>
Subject: Re: MFA for Incommom members

> Are there any other ways the Endpoint URL can be extracted and used to apply MFA on ?

It's ill-advised; there is no support for applying policy to a request beyond the entityID, to avoid tying yourself to details of a deployment that are in no way assumed to be stable. Those URLs are not "applications" in the sense that you're trying to attach meaning to.

To the extent that it would ever be done, it should be done with RelayState by agreeing to specific values amongst the parties that signal the appropriate things. That's not good, but it's better than relying on the endpoints.

-- Scott

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list