...

The Multi-Context Broker (MCB) is an extension to the Shibboleth IdP that improves Shibboleth's handling of multiple authentication methods, including multi-factor authentication, as well as multiple authentication contexts and assurance profiles.  This document contains information about the MCB, what it can be used for, and how it is installed and configured.

For a quick overview of the MCB and what it does, please see "The Multi-Context Broker" (The Multi-Context Broker.pdf), presented by David Walker and David Langenberg at Identity Week 2013, as well as this demonstration [TBD]. Read on for more detailed information.


...

Dick and the Two Factors

Dick's campus Identity Provider (IdP) supports two forms of authentication: one requires Dick to enter a user name and password, and the other also requires Dick to prove he is in possession of his cell phone. Some Service Providers (SPs) require user name and password, and some also require the cell phone. The campus has decided, however, that the cell phone method can always be used, even when only user name and password is requested by the SP. When Dick browses to an SP requiring user name and password, he is prompted accordingly, and he is not prompted again for the rest of his session unless he browses to an SP requiring the cell phone method. In that case, his cell phone alerts him for confirmation, and he is then no longer prompted for any SP during the rest of his session. If the first SP he accesses requires the cell phone method, he will not be prompted again for the rest of the session, regardless of which SPs he uses.

In order to provide Dick with choices to protect his online identity, Dick's campus allows him to opt out of ever authenticating without using the cell phone method.  After choosing that option, he is always prompted to use the cell phone method, even when it is not required by the services he uses.
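
The prompting behaviour in this scenario can be modelled as a small decision function. This is an added illustration, not code from the MCB or Shibboleth: the context names `password` and `phone`, the `Session` class and the function names are hypothetical, and it assumes that session reuse still applies after Dick opts out of password-only authentication.

```python
# Illustrative model of the "Dick and the Two Factors" scenario.
# Context, class and function names are hypothetical, not MCB identifiers.

# Contexts each method satisfies: the campus decided the cell phone
# method may always stand in for user name and password.
SATISFIES = {
    "password": {"password"},
    "phone": {"phone", "password"},
}


class Session:
    """Tracks the methods a user has completed during one IdP session."""

    def __init__(self, phone_only=False):
        self.phone_only = phone_only  # user opted out of password-only logins
        self.completed = set()

    def satisfied(self):
        """Return every context covered by the methods completed so far."""
        covered = set()
        for method in self.completed:
            covered |= SATISFIES[method]
        return covered


def authenticate(session, requested):
    """Return the method to prompt for, or None if the session suffices."""
    if requested not in SATISFIES:
        raise ValueError(f"unknown context: {requested}")
    # The user's opt-out can raise the effective requirement, never lower it.
    required = "phone" if session.phone_only else requested
    if required in session.satisfied():
        return None  # an earlier authentication already covers this SP
    # In this two-method model the required context names the method to use.
    session.completed.add(required)
    return required


def walk(session, requests):
    """Replay a sequence of SP requests and list the prompts the user sees."""
    return [authenticate(session, r) for r in requests]
```

Each entry returned by `walk` is the method Dick is prompted with for that SP, or `None` where his existing session is reused.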

...