We need to the ability to allow the OSP to authenticate users coming from more than just the URL set in the Web Authentication Policy. For example, we have four smartphone URLs for our various sites which are geographically based. The Smartphone enrollment via Link fails because the authentication request comes from the Smartphone URL and doesn't match the URL set for the Web Authentication Policy.
It would be ideal if the OSP could accept authentication requests from multiple URLs. This could be easily achieved by allowing a "whitelist" of URLs in the Web Authentication Policy. The OSP can check the URL of the authentication request against this list rather just the one URL. Security would still be in place but the OSP would be more flexible.