Check that the response has all of the AuthnContexts that we provided… #97
Conversation
|
|
Ok, I've added failOnAuthnContextMismatch, off by default. I've also added a way for the client to inspect the last authentication contexts, as well as providing a more descriptive error message on failure. I've squashed my commits down to a single commit in the pull request, but you can view the changes as separate commits at https://github.com/jeffFranklin/python3-saml/tree/authn_contexts. |
|
I owe a fuller explanation as to why I'm requesting the change. Our organization has a need to be able to verify that the authentication context is the one we expect. We have two contexts that we care about, one being the basic password authentication, and the other being password authentication with two-factor authentication (TimeSyncToken). There currently is no way in this library to distinguish between the two. What my change does is two-fold - it exposes the context classes to the saml client, and, with I was unsure the way to get the issue on python3-saml's radar, and I saw the changes needed, hence the pull request. Is there something else I need to be doing? I understand that there are a multitude of libraries for the different languages that need to be kept in alignment, but is there anything that I could be doing to keep the ball rolling? |
|
Sorry for the delay. I hope to provide more feedback/merge the PR this week. |
|
Ok. Thanks for the update! - Jeff |
|
Use of this toolkit is gaining interest at my organization. Is there anything I can do to assist in the evaluation of this pull request? I've rebased with your latest at https://github.com/jeffFranklin/python3-saml/tree/auth-context-2fa. I can do that on this pull request if that would help. Thanks! -Jeff |
… in the request.