We have a use case that means we need to reject SAML logins that didn't have the right authentication mode from the IDP, but with some application logic rather than just rejecting the assertion.
This seems like potentially useful downstream information for library users anyway.
We have a use case that means we need to reject SAML logins that didn't have the right authentication mode from the IDP, but with some application logic rather than just rejecting the assertion.
This seems like potentially useful downstream information for library users anyway.