<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi All,<div><br class="webkit-block-placeholder"></div><div>I am now digging into handling the CredentialsContext header element of an ID-* message. There are two basic things that can be sent:</div><div><br class="webkit-block-placeholder"></div><div>* 0 or more SecurityMechanismIDs, indicating appropriate security mechanisms for further requests</div><div><br class="webkit-block-placeholder"></div><div>* a saml2 RequestedAuthnContext</div><div><br class="webkit-block-placeholder"></div><div><br class="webkit-block-placeholder"></div><div>In the case of the sec mech ids, I can think of several options, possibly the best is making another discovery request specifying the first sec mech and the current provider id, and then down the line of listed sec mechs until I get an epr that satisfies the requirement.</div><div><br class="webkit-block-placeholder"></div><div>In the case of a RequestedAuthnContext, what the heck do I do?</div><div><br class="webkit-block-placeholder"></div><div>From the docs:</div><div><br class="webkit-block-placeholder"></div><div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 10px/normal Helvetica; "><span class="Apple-style-span" style="font-size: 9px; ">1263 </span>The receiver of a <span style="font: 9.0px Times">&lt;CredentialsContext&gt; </span>header containing a <span style="font: 9.0px Times">RequestAuthnContext </span>element SHOULD use</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 10px/normal Helvetica; "><span style="font: 5.0px Helvetica">1264 </span>credentials that conform to the policies specified therein in any future requests to the sender of this header (where</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 
10px/normal Helvetica; "><span style="font: 5.0px Helvetica">1265 </span>credentials are required).</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 10px/normal Helvetica; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 10px/normal Helvetica; "><br class="webkit-block-placeholder"></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 10px/normal Helvetica; "><span class="Apple-style-span" style="font-family: Verdana; font-size: 12px; ">thanks,</span></div></div><div apple-content-edited="true"><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Verdana; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div><br class="webkit-block-placeholder"></div><div>asa</div><div><br class="webkit-block-placeholder"></div><div>--</div><div>Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib</div><div>Tel: +1.413.429.1044 Skype: subsystem7</div></div></div></span> </div><br></body></html>