MFA for InCommon members

NAINI, NIKHIL NAINI at mailbox.sc.edu
Wed Jul 3 11:04:45 EDT 2019


Scott, thanks for the response, but the SP said it's not possible for him to tweak his metadata just for 1 University and a single application. Are there any other ways we can get this implemented? 

-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Tuesday, July 2, 2019 12:47 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: MFA for InCommon members

> Are there any other ways the Endpoint URL can be extracted and used to apply MFA on?

It's ill-advised; there is no support for applying policy to a request beyond the entityID, to avoid tying yourself to details of a deployment that are in no way assumed to be stable. Those URLs are not "applications" in the sense that you're trying to attach meaning to.

To the extent that it would ever be done, it should be done with RelayState by agreeing to specific values amongst the parties that signal the appropriate things. That's not good, but it's better than relying on the endpoints.

-- Scott

