[Concordia] RSA 2008 Demo: Scenario 2
Ashish Jain
ajain at pingidentity.com
Thu Apr 3 16:31:25 EDT 2008
>
>> A not-quite-related question: is anybody blocking the available
>> card choices based on my SAML AuthnRequests? So far it doesn't seem
>> to be making any difference what I send, I get whatever card
>> choices happen to be set up (e.g. I send "exact" for the personal
>> card mech, and I still get offered the option to use a managed card).
>>
I don't have it set up correctly. I wasn't able to find claim-type
specific cards to test the card selection process.
If you send "personal", I add issuer=self-issued in the object tag.
For the remaining authn types, I leave the issuer out (i.e.
everything is accepted).
I had been using 'givenname' as the requiredclaim (since it's
mandatory to specify at least one required claim in the object tag)
and then mapping that to the SAML Subject.
However, MS card (the one I'm using) doesn't support givenname. Hence
I added an extra tag that requires PPID (if I get givenname, I map
that to subject. Else I map PPID to the subject).