MFA Interop Working Group

[Nicholas Roy <>]

Re: the REFEDS context, Pål Axelsson said that sunet had wanted to 
implement something similar, but had to push the big red button when it 
became apparent that, for example, ADFS would not work correctly.

Nick

On 10/7/16 2:18 PM, David Walker wrote:
> I also found https://simplesamlphp.org/docs/development/saml:sp, so it 
> looks like somebody is thinking about implementing the SP side.  FYI, 
> I didn't get the sense (from what I heard secondhand) that REFEDS 
> would delay adoption of our profile because of this.  It is, 
> nevertheless, a good question to ask.
>
> David
>
>
> On 10/07/2016 01:01 PM, Nicholas Roy wrote:
> > A quick Google search uncovered this:
> >
> > https://simplesamlphp.org/docs/1.14/saml:authproc_expectedauthncontextclassref 
> >
> >
> > But the other authproc filter that page mentions, which should allow 
> > the SP to request an authncontextclass does not seem to exist in the 
> > docs:
> >
> > https://simplesamlphp.org/docs/1.14/simplesamlphp-authproc
> >
> > Seems like this is something that SSP should support if it doesn't, 
> > and I don't think that missing it should block adoption of this 
> > profile.  The profile should drive software that doesn't support it, 
> > to support it.
> >
> > Nick
> >
> >
> > On 10/7/16 1:07 PM, David Walker wrote:
> > > Everyone,
> > >
> > > The REFEDS Assurance Work Group that is reviewing our MFA 
> > > interoperability profile has asked if we know what SAML 
> > > implementations would support it.  I have said that Shibboleth does; 
> > > do any of you know about SimpleSAMLphp or other SAML implementations 
> > > (IdP or SP)?
> > >
> > > David