Thank you -- having never looked at the source code, this is most likely not going to be
easy for me to do. I'll try to make some time later this week to see if it’s
practical for me to dig in and look.
Jim
-----Original Message-----
From: Ivan Kanakarakis <ivan.kanak at gmail.com>
Date: Wednesday, August 21, 2019 at 2:24 PM
To: "James Jokl (virginia.edu)" <jaj at virginia.edu>
Cc: "satosa-users at lists.sunet.se" <satosa-users at lists.sunet.se>
Subject: Re: [satosa-users] MFA and SATOSA
Hello James,
On Wed, 14 Aug 2019 at 00:19, Jokl, James A (jaj) <jaj at virginia.edu> wrote:
My question: is satosa supposed to pass the SP’s requested AuthnContext to the end user’s
IdP and pass back the IdP’s response?
No, SATOSA does not do that at the moment. I think it is easy to
support, though.
A new configuration option would be introduced. When set, the saml2
frontend would store the AuthnContext, and the saml2 backend would
preserve it when recreating the AuthnRequest.
Alternatively, the AuthnContext could always be preserved and a
micro-service could be used to clear it or let it pass. This would be
more flexible if one would want to have functionality that is related
to a specific set of IdPs or SPs (the micro-service would have to
support this, but it is common to do that in a micro-service.)
I’ll dig some more but am hoping that someone already knows how/if this should work in
satosa.
Thanks much, Jim
Cheers,
--
Ivan c00kiemon5ter Kanakarakis >:3