Supporting different authnContextClassRef on the same SP?
Cantor, Scott
cantor.2 at osu.edu
Wed Aug 18 18:55:48 UTC 2021
On 8/18/21, 2:29 PM, "users on behalf of Ullfig, Roberto Alfredo" <users-bounces at shibboleth.net on behalf of rullfig at uic.edu> wrote:
> That won't work though if I access another directory on the server first (which doesn't require MFA). Is there
> a way around that or not? Thanks!
Not a practical one.
The bad answer is to use overrides, which are a nightmare and completely beyond the capability of most anybody but me and I have given up trying to help that. They don't make sense to people and I can't document them any better than I have, so it's a standoff.
Another answer is, this is the app's job, people can't be delegating all this to the SP. Redirects into /Login with the desired context class and handling access within the application is the most practical way to do this sort of thing.
-- Scott
More information about the users
mailing list