Skip to Content.
Sympa Menu

mfa-interop - Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value

Subject: MFA Interop Working Group

List archive

Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value

Chronological Thread 
  • From: Nicholas Roy <>
  • To: <>
  • Subject: Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value
  • Date: Fri, 7 Oct 2016 14:49:13 -0600
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:Ev74AxPahSMRUAUbEw0l6mtUPXoX/o7sNwtQ0KIMzox0K/r9rarrMEGX3/hxlliBBdydsK0UzbeN+Pm9EUU7or+/81k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i76vnYuHUCrMAR8Y+XzBoPIiNyf1ua5/JjWZAMOgyCyN+BcNhKz+CPQvckRhYJ5Ypw221OdpGFPasxXw39lP1Seg0y668utqs0wux9Msu4sopYTGZ7xeL41GORV
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Re: the REFEDS context, Pål Axelsson said that sunet had wanted to implement something similar, but had to push the big red button when it became apparent that, for example, ADFS would not work correctly.


On 10/7/16 2:18 PM, David Walker wrote:

I also found, so it looks like somebody is thinking about implementing the SP side. FYI, I didn't get the sense (from what I heard secondhand) that REFEDS would delay adoption of our profile because of this. It is, nevertheless, a good question to ask.


On 10/07/2016 01:01 PM, Nicholas Roy wrote:
A quick Google search uncovered this:

But the other authproc filter that page mentions, which should allow the SP to request an authncontextclass does not seem to exist in the docs:

Seems like this is something that SSP should support if it doesn't, and I don't think that missing it should block adoption of this profile. The profile should drive software that doesn't support it, to support it.


On 10/7/16 1:07 PM, David Walker wrote:


The REFEDS Assurance Work Group that is reviewing our MFA interoperability profile has asked if we know what SAML implementations would support it. I have said that Shibboleth does; do any of you know about SimpleSAMLphp or other SAML implementations (IdP or SP)?


Archive powered by MHonArc 2.6.19.

Top of Page