Need to modify AuthnContextClassRef in ExternalAuth

Stefan Santesson stefan at
Mon Dec 21 14:10:17 EST 2015

I just managed to solve this particular problem by setting:


For server side storage service


From:  users <users-bounces at> on behalf of Stefan Santesson <stefan at>
Reply-To:  Shib Users <users at>
Date:  Monday 21 December 2015 at 20:00
To:  Shib Users <users at>
Subject:  Re: Need to modify AuthnContextClassRef in ExternalAuth

Scott and Cristopher

Does the problem happen only when you enable shibboleth.authn.External.addDefaultPrincipals and request a specific auth type or all of the time?  Did you create your own principal class - which might have serialization issues? 

No I have tried turning that on and off. Same problem.

Did this problem happen before you upgraded to 3.2.1?


The profile flow isn't performing the "load" step required by the new client storage plugin. That's handled automatically by the standard flows, so I have to assume this isn't a standard one and your customization is out of sync with the IdP's core code.

-- Scott

This is a standard auth/External flow (if that counts as a standard flow).
I have read something in the documentation “” that there is a new web storage plugin to be used instead of the cookie-based storage plugin.
I have tried commenting away in web.xml everything related to cookie based storage as suggested in the documentation.

The result is that my IdP does not store any cookie, nor any web storage in my web browser.

I have turned on

No luck here. At all.

How do can I perform the “load” step required?

-- To unsubscribe from this list send an email to users-unsubscribe at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list