RequestedAuthnContext Comparison="exact"
Cantor, Scott
cantor.2 at osu.edu
Tue Oct 1 18:56:11 EDT 2019
> At the bottom of that support page, there's a reference to a configuration
> checkbox labeled Requested authentication context. The strange thing is there
> actually is no option there to specify a requested authn context. The only thing
> that checkbox appears to do is to cause the AuthnRequest to include a
> parameter of the RequestedAuthnContext to say that the provided context
> must be an exact match. There is no way to indicate what the comparison
> should be made to. This seems like a mistake to ever have enabled, and I've
> given them that feedback.
Yes, that's simply a bug. They were generating outright invalid SAML.
-- Scott
More information about the users
mailing list