robot access to SP website
Cantor, Scott
cantor.2 at osu.edu
Wed Jun 23 14:27:46 UTC 2021
On 6/23/21, 10:18 AM, "users on behalf of Peter Schober" <users-bounces at shibboleth.net on behalf of peter.schober at univie.ac.at> wrote:
> Or the application (enforcing step-up authentication with a different
> authentication request sent to the IDP)?
I suppose, but outside of federated cases where there are really two organizations so the IdP can't be expected to do it (*), I think it usually makes for a better user experience to just deal with it at the IdP. It's also trading potentially N really complex configurations for 1 perhaps more complex configuration at the IdP.
-- Scott
(*) And federated scenarios don't tend to discriminate by type of user anyway because user "type" isn't very interoperable, i.e. the affiliation problem.
More information about the users
mailing list