Giving an SP the authnContextClassRef they asked for
Cantor, Scott
cantor.2 at osu.edu
Thu Jan 13 15:50:38 UTC 2022
On 1/13/22, 10:48 AM, "users on behalf of Cantor, Scott" <users-bounces at shibboleth.net on behalf of cantor.2 at osu.edu> wrote:
> I'll check the docs, I may have not noted what the default for that flow actually is.
Which would have made for a shorter answer. The text under the property reference table is:
"While the default principal support is a typical password-centric set, in most cases the addDefaultPrincipals property is left false and the values used in responses will be mapped from the value supplied by the proxied IdP. However, to handle requests properly, the supportedPrincipals property may need to be adjusted to account for the possible values that SPs should be allowed to request."
Which is the short equivalent of what I just wrote, with the addition that "may need to be adjusted" specifically means "if the flow is used by itself without the MFA flow".
-- Scott
More information about the users
mailing list