Hi, > Does anyone have suggestion on how to reject a user if there outer identity > doesn't match their inner identity ?
why should it? thats why the outerid can be anonymous (granted, Windows have only just added that feature in Vista and 7 - but anonymous outer ID has been in most EAP clients for a long time.) by enforcing this you force people to put their real ID into the open outer id and thus tell remote places who they are. that shouldnt be the concern of the remote site - the home site cares because they are the ones that authenticate you and validate you. alan _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
