Authn.properties supported principals and MFA

[Wessel, Keith]

Glad to hear I was barking up the right tree by setting that. I didn't see a mention of that in the MFA documentation on the wiki. So, it was just a guess.

But unfortunately, no, it's only set once:

[root at d7af2f147b92 shibboleth-idp]# grep -lr AuthenticationPrincipalWeightMap .
./conf/authn/authn-comparison.xml
./dist/conf/authn/authn-comparison.xml

And only once in conf/authn/authn-comparison.xml.

Other thoughts? Is my map entry definition from my last email? If nothing else, what class do I need to turn up logging for if I want to see the authn context class ref selection logic in action?

Keith

-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Thursday, August 19, 2021 3:06 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Authn.properties supported principals and MFA

The weight map is always neceessary. The only time you have any control over what's returned is when the SP requests something directly or otherwise, otherwise it's indeterminate and is simply one of the values present in the Subject.

There's no change in that. The bean just had to move by default because the old spot for it was in a file I removed.

>    It didn't change anything.

It works, I'm using it. I just checked to make sure I didn't overlook a regression. I would suspect maybe you have multiple copies of it, otherwise it's just not what you're using for some other reason.

-- Scott


-- 
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!DZ3fjg!pBebAHTbUa5SD8JHRmuVi-Owhi3It2lz9W8acZ-7K6XZ92ZJXbeET97rLUKdRs3EFA$ 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net