Problem with SPNEGO after successfully kerberos auth
Cantor, Scott
cantor.2 at osu.edu
Wed Apr 20 13:36:40 EDT 2016
> I know the problem is in this part:
>
> 2016-04-20 17:45:36,373 - DEBUG
> [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:477] - Profile
> Action SelectAuthenticationFlow: Checking for an inactive flow or active
> result compatible with operator 'exact' and principal
> 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
> 2016-04-20 17:45:36,374 - DEBUG
> [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:80]
> - Registry located predicate factory of type
> 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory'
> for principal type 'class
> net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and
> operator 'exact'
>
> But I don't know how to solve it.
You ask the SP to stop requesting use of password authentication, basically. It would not be appropriate to configure the IdP to lie, and that's the only other way you can work around it.
-- Scott
More information about the users
mailing list