Is an authnContextClassRef of "unspecified" the same as "PasswordProtectedTransport" ?
Terry Fleury
tfleury at illinois.edu
Fri Jan 27 22:45:55 GMT 2012
During my InCommon SP Assurance Use Case testing, I discovered that passing
authnContextClassRef="urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
from SP to IdP resulted in the IdP responding with
Shib-AuthnContext-Class="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport".
Is this the expected behavior?
I thought that if the SP requested a specific authnContextClassRef, the IdP
had to respond with that same value, or respond with an error if unable to
fulfill.
Terry Fleury
tfleury at illinois.edu
More information about the users
mailing list