REFEDS authnContextClass ?

Scott Gilbert sgilbert at ucsb.edu
Wed Feb 19 13:30:54 EST 2020


Shib IdP 3.4.6

I have made the necessary config changes re REFEDS MFA to the
idp.properties and general-authn.xml files outlined on the shibcas plug-in
page.

https://github.com/Unicon/shib-cas-authn3

Duo is working OK, but it doesn't look like I am getting MFA validation in
the idp-process.log. Not sure why the shibcas plug-in instructions say to
state PasswordProtectedTransport other than that's the default.

2020-02-18 11:08:38,777 -  - INFO
[net.unicon.idp.externalauth.CasDuoSecurityRefedsAuthnMethodTranslator:91]
- Overriding the principal authn context class ref to
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

2020-02-18 11:08:38,777 -  - INFO
[net.unicon.idp.externalauth.CasDuoSecurityRefedsAuthnMethodTranslator:122]
- The final requested authn context class ref principals are
[AuthnContextClassRefPrincipal{authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}]

I know the shibcas plug-in is probably outside the realm of this list, but
is there a way to get some validation that authn is passwordprotected or
mfa? Is there a bean I can add to relying party to maybe get something back
in the SAML? Or perhaps add another class ref to the general-authn.xml file?


Scott Gilbert
IAM System Admin
ETS Enterprise Technology Services
University of California Santa Barbara
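
One way to see which authentication context the IdP actually asserted, as an added example that is not part of the original post or of the shib-cas-authn3 plug-in: read the AuthnContextClassRef out of the SAML assertion a test SP receives. It assumes a decoded, unencrypted assertion; the sample XML and the names below are constructed, and no signature is verified, so it is a diagnostic only.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REFEDS_MFA = "https://refeds.org/profile/mfa"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

# Constructed sample assertion (hypothetical issuer and ID), trimmed to the
# elements that carry the authentication context.
SAMPLE_ASSERTION = """<saml:Assertion
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2020-02-18T19:08:38Z">
  <saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>
  <saml:AuthnStatement AuthnInstant="2020-02-18T19:08:38Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>{ref}</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def asserted_class_refs(xml_text):
    """Return every AuthnContextClassRef found in AuthnStatements."""
    # SAML messages never need a DTD; refuse one instead of expanding entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml_text)
    path = ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef"
    return [(el.text or "").strip() for el in root.iterfind(path, SAML_NS)]


def classify(xml_text):
    """Label the asserted context: 'mfa', 'password', 'other' or 'none'."""
    refs = asserted_class_refs(xml_text)
    if not refs:
        return "none"      # e.g. assertion still encrypted, or no AuthnStatement
    if all(r == REFEDS_MFA for r in refs):
        return "mfa"       # exact URI match only, no prefix matching
    if PPT in refs:
        return "password"
    return "other"


if __name__ == "__main__":
    for ref in (REFEDS_MFA, PPT):
        print(ref, "->", classify(SAMPLE_ASSERTION.format(ref=ref)))
```
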