AuthnRequest contains an exact RequestedAuthnContext, can we override?
Mark McCoy
Mark.McCoy at utsa.edu
Mon Nov 14 20:41:29 UTC 2022
Integrating a new SP and the application owner requested MFA for this service. We did what we normally do, which is to put a defaultAuthenticationMethods property with the auth context set to "https://refeds.org/profile/mfa" in a relying party override.
Surprise! The vendor has a RequestedAuthnContext with the "exact" comparison property set to the Password context.
Looking at https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631603/AuthenticationFlowSelection#Comparison-Configuration it looks like we can't override this on our end. Are we at their mercy or is there an alternative?
Mark McCoy
Manager, Enterprise Collaboration Services
The University of Texas at San Antonio
University Technology Solutions
One UTSA Circle
San Antonio, TX 78249-3209
210.458.5871
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20221114/3b95fa55/attachment.htm>
More information about the users
mailing list