Need to modify AuthnContextClassRef in ExternalAuth

Stefan Santesson stefan at
Mon Dec 21 15:19:06 EST 2015

On 21/12/15 20:41, "users on behalf of Cantor, Scott" <users-bounces at on behalf of cantor.2 at> wrote:

>On 12/21/15, 2:35 PM, "users on behalf of Stefan Santesson" <users-bounces at on behalf of stefan at> wrote:
>>It’s pretty standard for authn/External (I assume). Set by the following:
>You're answering much more complicated questions than I'm asking. Is this SAML 2 Browser SSO out of the box with no changes, or something else?

It’s because I’m not really sure what you want to know.

It’s a standard SAML 2 Browser SSO. Nothing out of the ordinary.
I’m running a standard installed Shib IdP V3.2.1

The only changes from the standard config is the one I posted in the previous mail, except for metadata config, attribute release and such.
Everything is working fine with server side storage. The external servlet is using standard mechanisms for handling the request back to shib.

>>I turned about everything to DEBUG. It did not give me any extra hints.
>If this is SAML 2 SSO, then you have to have log messages from the storage plugin where it tries to do the data load. If not, you cannot be running a correctly installed IdP or you're not using any profile we ship out of the box.

I attach a full debug log from restart to failed authentication with the error in the very end.


>-- Scott
>To unsubscribe from this list send an email to users-unsubscribe at
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sbhibdebug.txt
URL: <>

More information about the users mailing list