Giving an SP the authnContextClassRef they asked for

Cantor, Scott cantor.2 at
Thu Jan 13 17:42:14 UTC 2022

On 1/13/22, 12:40 PM, "users on behalf of Cantor, Scott" <users-bounces at on behalf of cantor.2 at> wrote:

>    Are you sure? What use case do you have to let an SP request bad authentication? Do you really imagine
> that such an SP even understands what it's asking?

Or is your issue that you're not just imposing MFA widely so the majority of them don't get MFA? In which case, sorry, but I think you should just get that SP to fix itself and tell anyone that asks that the reason it doesn't get MFA is that it's demanding that you don't do it. If they care enough about the issue, then they should care enough to report the bug to the vendor.

-- Scott

More information about the users mailing list