RequestedAuthnContext Comparison="exact"

Cantor, Scott cantor.2 at
Tue Oct 1 18:56:11 EDT 2019

> At the bottom of that support page, there's a reference to a configuration
> checkbox labeled Requested authentication context. The strange thing is there
> actually is no option there to specify a requested authn context. The only thing
> that checkbox appears to do is to cause the AuthnRequest to include a
> parameter of the RequestedAuthnContext to say that the provided context
> must be an exact match. There is no way to indicate what the comparison
> should be made to. This seems like a mistake to ever have enabled, and I've
> given them that feedback.

Yes, that's simply a bug. They were generating outright invalid SAML.

-- Scott
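
What "invalid" means here, as an added example that is not part of the original thread: the SAML 2.0 protocol schema requires RequestedAuthnContext to contain at least one AuthnContextClassRef or AuthnContextDeclRef (one kind, not both), so a Comparison attribute on an empty element has nothing to compare against. The function name, the problem labels and both sample requests below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
COMPARISONS = {"exact", "minimum", "maximum", "better"}

def check_requested_authn_context(authn_request_xml):
    """Return a list of problem labels for each RequestedAuthnContext found."""
    root = ET.fromstring(authn_request_xml)
    problems = []
    for rac in root.iter(f"{{{SAMLP}}}RequestedAuthnContext"):
        class_refs = rac.findall(f"{{{SAML}}}AuthnContextClassRef")
        decl_refs = rac.findall(f"{{{SAML}}}AuthnContextDeclRef")
        # An omitted Comparison is treated as "exact" by SAML core.
        comparison = rac.get("Comparison", "exact")
        if comparison not in COMPARISONS:
            problems.append("bad-comparison")
        if not class_refs and not decl_refs:
            # The case from the thread: a comparison with nothing to compare to.
            problems.append("no-reference")
        elif class_refs and decl_refs:
            # The schema is a choice: class refs or decl refs, never both.
            problems.append("mixed-references")
        if any(not (ref.text or "").strip() for ref in class_refs + decl_refs):
            problems.append("empty-reference")
    return problems

# Constructed sample: what the checkbox described above appears to produce.
BROKEN_REQUEST = f"""
<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_constructed1" Version="2.0" IssueInstant="2019-10-01T00:00:00Z">
  <samlp:RequestedAuthnContext Comparison="exact"/>
</samlp:AuthnRequest>"""

# Constructed sample: the same request with a class reference to match against.
VALID_REQUEST = f"""
<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_constructed2" Version="2.0" IssueInstant="2019-10-01T00:00:00Z">
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

if __name__ == "__main__":
    print("broken:", check_requested_authn_context(BROKEN_REQUEST))
    print("valid: ", check_requested_authn_context(VALID_REQUEST))
```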