Problem with SPNEGO after successfully kerberos auth
Maxi Fernández
melvinsoft at gmail.com
Thu Apr 21 17:57:05 EDT 2016
Scott, thanks.
I understand now why the IdP is doing the right thing. I have access to
configure the SP in the right way. The SP is using python-saml and in the
conf I found this:
// Authentication context.
// Set to false and no AuthContext will be sent in the AuthNRequest,
// Set true or don't present this parameter and you will get an
AuthContext 'exact'
'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
// Set an array with the possible auth context values: array
('urn:oasis:names:tc:SAML:2.0:ac:classes:Password',
'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'),
'requestedAuthnContext': true,
// Allows the authn comparison parameter to be set, defaults to
'exact' if the setting is not present.
'requestedAuthnContextComparison': 'exact',
So, I will try setting requestedAuthnContext to false and try again. The
metadata should stop to ask for
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
I will let you know if I have luck. :)
Thanks again Scott,
Best
Maxi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160421/b1ab2164/attachment.html>
More information about the users
mailing list