-
Task
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
When filtering authentication mechanisms we need to really be able to offer two modes: -
1 - Only offer a mech if we are sure it is supported.
Risks only offering a weaker mechanism in a mixed domain but also eliminates mechanisms that could fail for a valid user that just happens to have a different credential type.
2- More general support.
i.e. offer the mechs that may be supported.