...
Code Block |
---|
<bean parent="SAML2.SSO" p:defaultAuthenticationMethods> <property name="defaultAuthenticationMethods"> <list> <bean parent="shibboleth.SAML2AuthnContextClassRef" c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken" /> </list> </property> </bean> |
is equivalent to an SP for which the configuration applies requesting this:
...
When the request to the IdP does have explicit method requirements, or a defaultAuthenticationMethod
defaultAuthenticationMethods
property is set on the applicable profile configuration, then the selection process is as follows:
...
(V3.2+ only) Lastly, a bean called shibboleth.IgnoreContextsIgnoredContexts can be defined to identify specific AuthnContextClassRef or AuthnContextDeclRef values to ignore if found in a SAML 2 <RequestedAuthnContext>
element. By default this consists of a single value, urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
, which was ignored in V2.