...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<saml:Attribute Name="http://shibboleth.net/ns/profiles/defaultAuthenticationMethods" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue>http://example.org/ac/classes/mfa</saml:AttributeValue> </saml:Attribute> <!-- The disallowedFeatures setting is a bitmask, and 0x1 blocks SPs requesting authentication types. --> <saml:Attribute Name="http://shibboleth.net/ns/profiles/disallowedFeatures" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue>0x1</saml:AttributeValue> </saml:AttributeAttribute> |
Interceptor Flows
Triggering consent based on the SP is pretty common.
...