Supporting different authnContextClassRef on the same SP?

Ullfig, Roberto Alfredo rullfig at uic.edu
Wed Aug 18 18:29:00 UTC 2021


I have a shibboleth SP that's not configured to request MFA but I created a sub-directory on the server and used an .htaccess file like this to get MFA working just for that directory:

AuthType shibboleth
ShibRequestSetting requireSession true
ShibRequestSetting authnContextClassRef https://refeds.org/profile/mfa
Require authnContextClassRef https://refeds.org/profile/mfa

That works.

That won't work though if I access another directory on the server first (which doesn't require MFA). Is there a way around that or not? Thanks!

---
Roberto Ullfig - rullfig at uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210818/6615df07/attachment.htm>


More information about the users mailing list