Need to modify AuthnContextClassRef in ExternalAuth
stefan at aaa-sec.com
Mon Dec 21 14:10:17 EST 2015
I just managed to solve this particular problem by setting:
For server side storage service
From: users <users-bounces at shibboleth.net> on behalf of Stefan Santesson <stefan at aaa-sec.com>
Reply-To: Shib Users <users at shibboleth.net>
Date: Monday 21 December 2015 at 20:00
To: Shib Users <users at shibboleth.net>
Subject: Re: Need to modify AuthnContextClassRef in ExternalAuth
Scott and Cristopher
Does the problem happen only when you enable shibboleth.authn.External.addDefaultPrincipals and request a specific auth type or all of the time? Did you create your own principal class - which might have serialization issues?
No I have tried turning that on and off. Same problem.
Did this problem happen before you upgraded to 3.2.1?
The profile flow isn't performing the "load" step required by the new client storage plugin. That's handled automatically by the standard flows, so I have to assume this isn't a standard one and your customization is out of sync with the IdP's core code.
This is a standard auth/External flow (if that counts as a standard flow).
I have read something in the documentation “https://wiki.shibboleth.net/confluence/display/IDP30/StorageConfiguration” that there is a new web storage plugin to be used instead of the cookie-based storage plugin.
I have tried commenting away in web.xml everything related to cookie based storage as suggested in the documentation.
The result is that my IdP does not store any cookie, nor any web storage in my web browser.
I have turned on idp.storage.htmlLocalStorage=true
No luck here. At all.
How do can I perform the “load” step required?
-- To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users