Problem with SPNEGO after successfully kerberos auth

Cantor, Scott cantor.2 at
Thu Apr 21 20:13:02 EDT 2016

> Scott, thanks.
> I understand now why the IdP is doing the right thing. I have access to
> configure the SP in the right way. The SP is using python-saml and in the conf
> I found this:

If that's Roland's code, and that's the default, it's probably worth suggesting that he change that.

> So, I will try setting requestedAuthnContext to false and try again. The
> metadata should stop to ask for urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

It's not in any metadata, it's the actual request from the SP.

-- Scott

More information about the users mailing list