OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] Confusion regarding AuthnContext


   >> Sorry, I still have no idea what you're describing
   Please see the attached screenshot of the configuration required in case of WebEx. The AuthnContextClassRef field is configurable in this case. So my 
   question was whether there are any such applications which have a fixed class say 'SmartCard' and donot allow it to be changed. 


On Mon, Sep 21, 2009 at 10:53 PM, Scott Cantor <cantor.2@osu.edu> wrote:
bhaskar jain wrote on 2009-09-21:
> "Configured on the SP side" meant that administrator could configure the
> AuthnContextClassRef (in our case PasswordProtectedTransport) on the SP
> like some SP's allow (e.g. WebEx)

Sorry, I still have no idea what you're describing.

> Our target are SaaS applications like salesforce and googleapps (which
> *do* not place any such restriction on AuthnContextClassRef) but wanted
> to be doubly sure before implementing an IdP which would always send
> 'PasswordProtectedTransport'.

Are they requiring a particular class at runtime, or not?

> What about government applications? Any idea whether they allow it to be
> configurable.

I don't think there's much practice in the govt space yet but the general
idea there is to use the AC to carry LOA identifiers, not things like

-- Scott

WebEx Enterprise - Site Administration.pdf

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]