Giving an SP the authnContextClassRef they asked for

[Wessel, Keith]

One related question to this: should I be setting the idp.authn.SAML.supportedPrincipals property to include Password, PPT and MFA principals similar to what I had set for my MFA flow before implementing the proxy? There's no default value listed for this property; it's not even listed with a commented out suggested value in authn.properties which makes sense as you wouldn't be able to suggest a reasonable default for it. I don't have it set currently and, while I haven't pushed out the change we talked about below in this thread, the vast majority of cases are working. So, is there any reason or value to setting it?

Thanks,
Keith


-----Original Message-----
From: Wessel, Keith 
Sent: Wednesday, January 12, 2022 4:15 PM
To: Shib Users <users at shibboleth.net>
Subject: RE: Giving an SP the authnContextClassRef they asked for

Ah! That makes a lot more sense. Thanks.

Keith


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Wednesday, January 12, 2022 4:09 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Giving an SP the authnContextClassRef they asked for

On 1/12/22, 5:07 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

>    The easy solution is to just include PPT, but I figured I might as well learn how this works while I'm at it.

I'm not saying instead of, I'm saying you can add Password too if you want it to be supported also. All our defaults include both.

-- Scott


-- 
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!DZ3fjg!oIbW1OMG2ijBSw4QiQKLt3raFvdMXJuU8qkthJljpO-f6femnl9LmrLtjoG6sA-pEA$ 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net