Giving an SP the authnContextClassRef they asked for
cantor.2 at osu.edu
Thu Jan 13 17:42:14 UTC 2022
On 1/13/22, 12:40 PM, "users on behalf of Cantor, Scott" <users-bounces at shibboleth.net on behalf of cantor.2 at osu.edu> wrote:
> Are you sure? What use case do you have to let an SP request bad authentication? Do you really imagine
> that such an SP even understands what it's asking?
Or is your issue that you're not just imposing MFA widely so the majority of them don't get MFA? In which case, sorry, but I think you should just get that SP to fix itself and tell anyone that asks that the reason it doesn't get MFA is that it's demanding that you don't do it. If they care enough about the issue, then they should care enough to report the bug to the vendor.
More information about the users