Varying authnContextClassRef requirements by source IP

Cantor, Scott cantor.2 at
Wed Apr 29 14:10:16 EDT 2020

On 4/29/20, 1:38 PM, "users on behalf of Robert Bradley" <users-bounces at on behalf of robert.bradley at> wrote:

> Does anyone know how to set this up, or know if this is not possible?

Customize the Apache error handling for an authz error perhaps, and then use that to initiate a redirect back in with authnContextClassRef set as a parameter to request MFA.

Apache might have a way to conditionally attach commands based on REMOTE_ADDR perhaps. Doesn't <If> allow that?

-- Scott

More information about the users mailing list