AuthnRequest contains an exact RequestedAuthnContext, can we override?

Mark McCoy Mark.McCoy at utsa.edu
Mon Nov 14 20:41:29 UTC 2022


Integrating a new SP and the application owner requested MFA for this service. We did what we normally do, which is to put a defaultAuthenticationMethods property with the auth context set to "https://refeds.org/profile/mfa" in a relying party override.

Surprise! The vendor has a RequestedAuthnContext with the "exact" comparison property set to the Password context.

Looking at https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631603/AuthenticationFlowSelection#Comparison-Configuration it looks like we can't override this on our end. Are we at their mercy or is there an alternative?


Mark McCoy

Manager, Enterprise Collaboration Services


The University of Texas at San Antonio

University Technology Solutions

One UTSA Circle

San Antonio, TX 78249-3209

210.458.5871
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20221114/3b95fa55/attachment.htm>


More information about the users mailing list