Giving an SP the authnContextClassRef they asked for
cantor.2 at osu.edu
Thu Jan 13 17:39:46 UTC 2022
On 1/13/22, 12:32 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> If I map PPT to MFA in the shibboleth. PrincipalProxyRequestMappings, though, then that will be global. How
> would I do it for one specific relying party? After all, it won't be the usual case where an SP is explicitly
> requesting password but I want to force MFA.
Are you sure? What use case do you have to let an SP request bad authentication? Do you really imagine that such an SP even understands what it's asking?
I have never run into a single case of it. That is always just a bug.
An SP that really doesn't care what happens doesn't need to request anything.
More information about the users