Odd SP behavior re authn context
Cantor, Scott
cantor.2 at osu.edu
Sat Oct 9 03:18:30 UTC 2021
On 10/8/21, 3:20 PM, "users on behalf of mat houser" <users-bounces at shibboleth.net on behalf of mhouser at uwm.edu> wrote:
> In the authn request it's requesting this:
The IdP defaults to ignoring "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified" in any requests (it's a set of ignored values that's in the configuration in a bean called shibboleth.IgnoredContexts), so if an SP requested that, the IdP would act as though nothing was requested and would NOT return an error.
But yes, it's nonsensical to ask for "better than unspecified", that makes no sense as you correctly inferred.
-- Scott
More information about the users
mailing list