Any recommendations/validation of a scheme to select a SAML Proxy or Password/MFA authentication flow based on relying party / SP entityID?

Cantor, Scott cantor.2 at
Thu Jan 27 23:50:23 UTC 2022

On 1/27/22, 2:09 PM, "users on behalf of Mak, David" <users-bounces at on behalf of d.mak at> wrote:

>    Really appreciate the great advice on this! Of course, Scott pointing out the most straightforward solution
> meant I had to swallow my embarrassing attempt to overcomplicate things.

The whole supportedPrincipals matching is completely non-obvious and very hard to document or explain, it's just very obvious once you understand it that it automates most of the matching people try to write code to handle.

-- Scott

More information about the users mailing list