Shibboleth Developers

[Chad La Joie <>]

If the SP requests something other SPNEGO the IdP isn't going to use the
SPNEGO login handler.  It'll either return an error (if it can't handle
the request) or use some other mechanism if it can.

forceauthn is a joke with anything other than OTP the like.

Peter Williams wrote:
> So what happens in spegno evironment when the rp sends a signed request 
> bearing 1. A named auth context reqirement, and 2 forceauth is true?
> 
> 
> 
> -----Original Message-----
> From: Scott Cantor 
> <>
> Sent: Wednesday, February 25, 2009 5:26 PM
> To: 
> 
>  
> <>
> Subject: RE: [Shib-Dev] Feedback for Shibboleth 2.2 roadmap
> 
> 
> Alan Kent wrote on 2009-02-25:
>> I would find SPNEGO support (currently 1.1.2 point 5 "Provide support
>> for SPNEGO authn") very useful.
> 
> Note that I think you can do this already with Apache, the work item was
> just to provide a way to do it without that constraint.
> 
> -- Scott
> 
> 

-- 
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
 http://www.switch.ch