[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Queries on processing AuthnContextClassRef
> 1. What is the order/priority of Authentication Context > Classes. I could not find any reference to priority of the > classes in the document "saml-authn-context-2.0-os". The order is not defined by SAML, it's deployment specific. The SAML spec just provides the hooks for people to interact on the wire. > 2. How will the IDP communicate to the relying party (in > response) what authentication context has been used to > authenticate the user. It's inside the AuthnStatement. > a. What if the relying party requests with authentication > contexts other then the above and thus is not being supported > by the IDP. If the SP asks for an exact match you don't support, you can't satisfy it. The point is to deploy such that nonsense doesn't happen. If you're looking for AC to solve all your problems, you probably won't like the answer. It's a very complex beast and hasn't been used much to my knowledge. It was fixed to work a bit better than Liberty's, but wasn't touched functionally. I would expect a lot of variance in implementations as to what they can do or not. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]