[wsf-dev] CredentialsContext / samlp:RequestedAuthnContext
Asa Hardcastle
asa.openliberty at zenn.net
Tue Feb 19 17:17:27 PST 2008
Hi All,
I am now digging in to handling the CredentialsContext header element
of an ID-* message. There are two basic things that can be sent:
* 0 or more SecurityMechanismIDs, indicating appropriate security
mechanisms for further requests
* a saml2 RequestedAuthnContext
In the case of the sec mech ids, I can think of several options,
possibly the best is making another discovery request specifying the
first sech mech and the current provider id, and then down the line of
listed sech mechs until I get an epr that satisfies the requirement.
In the case of a RequestedAuthnContext, what the heck do I do?
From the docs:
1263 The receiver of a <CredentialsContext> header containing a
RequestAuthnContext element SHOULD use
1264 credentials that conform to the policies specified therein in any
future requests to the sender of this header (where
1265 credentials are required).
thanks,
asa
--
Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib
Tel: +1.413.429.1044 Skype: subsystem7
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openliberty.org/pipermail/wsf-dev_lists.openliberty.org/attachments/20080219/95d0f915/attachment.html
More information about the Wsf-dev
mailing list