OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [saml-dev] Confusion regarding AuthnContext


"Configured on the SP side" meant that administrator could configure the AuthnContextClassRef (in our case PasswordProtectedTransport) on the SP side like some SP's allow (e.g. WebEx)

Our target are SaaS applications like salesforce and googleapps (which *do* not place any such restriction on AuthnContextClassRef) but wanted to be doubly sure before implementing an IdP which would always send 'PasswordProtectedTransport'.

What about government applications? Any idea whether they allow it to be configurable.

Thanks once again.

--Bhaskar.



On Mon, Sep 21, 2009 at 10:25 PM, Scott Cantor <cantor.2@osu.edu> wrote:
bhaskar jain wrote on 2009-09-21:
> Appreciate your response. I think it was coming but still do you know of
any
> real-life SP's which restrict AuthnContextClass to a particular class and
do
> not allow it to be configurable on the SP side?

I don't know what you mean by "configure on the SP side". You can configure
an SP to ask for something specific, but you can't just set what the
resulting context is/was on the SP end.

If you're asking whether there are SPs that require particular classes,
sure, I suppose. What's your audience of SPs? There aren't generally just
"SPs in the wild" outside of a particular business context.

-- Scott





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]