Giving an SP the authnContextClassRef they asked for
Wessel, Keith
kwessel at illinois.edu
Fri Jan 14 17:24:55 UTC 2022
I found an even easier solution: our Infoblox appliance is now sending users to an IdP-initiated URL. Unfortunately, the device still thinks it's sending an SP-initiated request, and it's including an authnRequest. Thankfully, the IdP is graciously ignoring that and only using the providerId parameter. So, it never sees the unwanted ACR in the request.
Thanks again, Scott and Mike, for the help on this.
Keith
-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Thursday, January 13, 2022 4:52 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Giving an SP the authnContextClassRef they asked for
On 1/13/22, 5:31 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> You're referring to this from the SAML2.SSO default configuration?
> Seems like I could just make a new map then override the defaultAuthenticationMethodsLookupStrategy for
> this specific RP using the same class but passing in my map as a parameter. Is that the idea?
Yes.
-- Scott
--
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!DZ3fjg!q85mzUe1_1jQPH6ST9LnSlxytpmbxSkBKaFcRHgAygB8KflcPV1ZpnreY_mnJWuexA$
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list