...
(for v4.0.1) Update the authn/SAML bean in authn/general-authn.xml so it understands the REFEDS MFA profile by adding a supportedPrinciples supportedPrincipals property:
Code Block | ||||
---|---|---|---|---|
| ||||
<bean id="authn/SAML" parent="shibboleth.AuthenticationFlow" p:nonBrowserSupported="false" p:passiveAuthenticationSupported="true" p:forcedAuthenticationSupported="true" p:proxyScopingEnforced="true" p:discoveryRequired="true"> <property name="supportedPrincipals"> <list> <bean parent="shibboleth.SAML2AuthnContextClassRef" c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" /> <bean parent="shibboleth.SAML2AuthnContextClassRef" c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" /> <bean parent="shibboleth.SAML1AuthenticationMethod" c:method="urn:oasis:names:tc:SAML:1.0:am:password" /> <bean parent="shibboleth.SAML2AuthnContextClassRef" c:classRef="https://refeds.org/profile/mfa" /> </list> </property> </bean> |
...