MFA with specific authnContextClassRef

Cantor, Scott cantor.2 at
Wed Aug 8 17:44:06 EDT 2018

> The SP is requesting authnContextClassRef of
> and the idp errors with "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"
> unless I add that classRef to supportedPrincipals of authn/Password, which is
> confusing to me. I didn't think that was needed and I think that would lead to
> mfaCtx.isAcceptable() always returning true?

That's correct, you have something wrong somewhere. Nothing obvious.

-- Scott

More information about the users mailing list