...
| Title | Dynamic errorURL |
|---|---|
| Description | After login at a service the service (SP) may be missing some information or requirements of the login, for example
There currently is no best-practice for how a service should inform users of non-technical shortcomings of logins. It would be convenient if IdP:s could supply URL:s to different support pages that services could referer to depending on pre-defined problems with logins. Many login problems are not detected until after login. ACAMP at TechEx had a session regarding this. Notes and Post-ACAMP work are available at https://bit.ly/2rOYgl1 |
| Proposer | Pål Axelsson |
| Resource requirements | A short term working-group to write up an errorURL profile with recommendations |
| +1's | Albert Wu, Fredrik Domeij |
| Title | Make Microsoft ADFS handle REFEDS MFA Profile |
|---|---|
| Description | REFEDS MFA Profile uses the authnContextClassRef https://refeds.org/profile/mfa in the SAMLRequest to signal that MFA should be used for authentication. Microsoft ADFS cannot handle this authnContextClassRef and returns a FatalProfileException during authentication. Diskussion notes from TechEx ACAMP session regarding REFEDS MFA in ADFS: https://bit.ly/2RTPgGb |
| Proposer | Fredrik Domeij <fredrik.domeij@umu.se> |
| Resource requirements | A working-group to help Microsoft add support for REFEDS MFA in ADFS, or to find a work-around to make ADFS usable in REFEDS MFA authentcation |
| +1's | Tommy Larsson <tommy.larsson@umu.se>, Johan Peterson <johan.peterson@liu.se>, Pål Axelsson |