Re: [saml-dev] Confusion regarding AuthnContext

[bhaskar jain <bhaskar.jain2002@gmail.com>]

  Scott,

   >> Sorry, I still have no idea what you're describing

   Please see the attached screenshot of the configuration required in case of WebEx. The AuthnContextClassRef field is configurable in this case. So my 

   question was whether there are any such applications which have a fixed class say 'SmartCard' and donot allow it to be changed. 

 --Bhaskar.

On Mon, Sep 21, 2009 at 10:53 PM, Scott Cantor <cantor.2@osu.edu> wrote:

bhaskar jain wrote on 2009-09-21:

> "Configured on the SP side" meant that administrator could configure the
> AuthnContextClassRef (in our case PasswordProtectedTransport) on the SP
side
> like some SP's allow (e.g. WebEx)

Sorry, I still have no idea what you're describing.

> Our target are SaaS applications like salesforce and googleapps (which
> *do* not place any such restriction on AuthnContextClassRef) but wanted
> to be doubly sure before implementing an IdP which would always send
> 'PasswordProtectedTransport'.

Are they requiring a particular class at runtime, or not?

> What about government applications? Any idea whether they allow it to be
> configurable.

I don't think there's much practice in the govt space yet but the general
idea there is to use the AC to carry LOA identifiers, not things like
technologies.

-- Scott

WebEx Enterprise - Site Administration.pdf