Changes

Etienne Dysli Metref · 8eed9ce1
--- a/toolbox_archive.md
+++ b/toolbox_archive.md
@@ -15,8 +15,8 @@

 Test accounts for use on [mfa-dev](https://mfa-dev.ed.switch.ch/index.html)
 ^ Username     ^ Password      ^ TOTP seed (base32)                   ^
-| ''student1'' | ''password1'' | ''QJWAYZKBYCEGOTMLVLHRWK2XR5GER4YO'' |
-| ''student2'' | ''password2'' | ''HDRCSSKZFXBBEMVT5DY74JIB425NAEZJ'' |
+| `student1` | `password1` | `QJWAYZKBYCEGOTMLVLHRWK2XR5GER4YO` |
+| `student2` | `password2` | `HDRCSSKZFXBBEMVT5DY74JIB425NAEZJ` |

 ---

@@ -134,7 +134,9 @@ Voici cependant quelques compléments qui ont été discutés en séance:
  * L'appli RH cible est exposée comme une frame via le portail portail.unige.ch qui est accessible via le mot de passe standard ISIs
    * Or l'IdP n'est pas fait pour le portail et les frames, notamment problèmes de taille et de lisibilité. Il faudrait une application/SP par écran?
    * A discuter avec l'équipe portail
-  * Voici une idée de ce que pourrait donner l'IdP MFA: ![mfa_login_form_mockup](uploads/bba6c4537bfdf4c6d0f4826b0bf64f51/mfa_login_form_mockup.png)
+  * Voici une idée de ce que pourrait donner l'IdP MFA:
+
+    ![mfa_login_form_mockup](uploads/bba6c4537bfdf4c6d0f4826b0bf64f51/mfa_login_form_mockup.png)

 ## Notes of the working session of 6.4.2016 ##

@@ -144,15 +146,15 @@ Voici cependant quelques compléments qui ont été discutés en séance:

  * Is it possible to specify the desired authentication method (SAML authnContextClassRef) on specific URLs in the Apache configuration?

-    **Yes**, according to [NativeSPApacheConfig](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig), any [content setting](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) can be given with the ''ShibRequestSetting'' directive, in particular ''authnContextClassRef'', ''authnContextComparison'' and ''forceAuthn''. Additionally, it is possible to request more than one authentication method.
+    **Yes**, according to [NativeSPApacheConfig](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig), any [content setting](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) can be given with the `ShibRequestSetting` directive, in particular `authnContextClassRef`, `authnContextComparison` and `forceAuthn`. Additionally, it is possible to request more than one authentication method.

  * Same question as above with "force authentication".

-    **Yes** with ''ShibRequestSetting forceAuthn true'', see above.
+    **Yes** with `ShibRequestSetting forceAuthn true`, see above.

  * Is there a session timeout per authentication method on the SP?

-    **Yes**, but not directly. Session timeouts can be changed per application (in the SP sense). For example, An [ApplicationOverride](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplicationOverride) could specify a [Sessions](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessions) element with MFA-specific timeouts (available settings are ''lifetime'', ''timeout'' and ''maxTimeSinceAuthn''), then this application can be referenced in the Apache configuration with ''ShibRequestSetting applicationId foo''.
+    **Yes**, but not directly. Session timeouts can be changed per application (in the SP sense). For example, An [ApplicationOverride](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplicationOverride) could specify a [Sessions](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessions) element with MFA-specific timeouts (available settings are `lifetime`, `timeout` and `maxTimeSinceAuthn`), then this application can be referenced in the Apache configuration with `ShibRequestSetting applicationId foo`.

 ### more meetings ###