[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    RE: Giving an SP the authnContextClassRef they asked for
From:       "Wessel, Keith" <kwessel () illinois ! edu>
Date:       2022-01-14 17:24:55
Message-ID: BN6PR11MB41802C1DEC5195C8D4E0D4BACB549 () BN6PR11MB4180 ! namprd11 ! prod ! outlook ! com
[Download RAW message or body]

I found an even easier solution: our Infoblox appliance is now sending users to an \
IdP-initiated URL. Unfortunately, the device still thinks it's sending an \
SP-initiated request, and it's including an authnRequest. Thankfully, the IdP is \
graciously ignoring that and only using the providerId parameter. So, it never sees \
the unwanted ACR in the request.

Thanks again, Scott and Mike, for the help on this.

Keith


-----Original Message-----
From: users <users-bounces@shibboleth.net> On Behalf Of Cantor, Scott
Sent: Thursday, January 13, 2022 4:52 PM
To: Shib Users <users@shibboleth.net>
Subject: Re: Giving an SP the authnContextClassRef they asked for

On 1/13/22, 5:31 PM, "users on behalf of Wessel, Keith" <users-bounces@shibboleth.net \
on behalf of kwessel@illinois.edu> wrote:

> You're referring to this from the SAML2.SSO default configuration?
> Seems like I could just make a new map then override the \
> defaultAuthenticationMethodsLookupStrategy for this specific RP using the same \
> class but passing in my map as a parameter. Is that the idea?

Yes.

-- Scott


-- 
For Consortium Member technical support, see \
https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!DZ3fjg!q85mzUe1_1jQPH6ST9LnSlxytpmbxSkBKaFcRHgAygB8KflcPV1ZpnreY_mnJWuexA$ \
 To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net
-- 
For Consortium Member technical support, see \
https://shibboleth.atlassian.net/wiki/x/ZYEpPw To unsubscribe from this list send an \
email to users-unsubscribe@shibboleth.net


[prev in list] [next in list] [prev in thread] [next in thread]