Odd SP behavior re authn context

Cantor, Scott cantor.2 at osu.edu
Sat Oct 9 03:18:30 UTC 2021

On 10/8/21, 3:20 PM, "users on behalf of mat houser" <users-bounces at shibboleth.net on behalf of mhouser at uwm.edu> wrote:

>    In the authn request it's requesting this:

The IdP defaults to ignoring "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified" in any requests (it's a set of ignored values that's in the configuration in a bean called shibboleth.IgnoredContexts), so if an SP requested that, the IdP would act as though nothing was requested and would NOT return an error.

But yes, it's nonsensical to ask for "better than unspecified", that makes no sense as you correctly inferred.

-- Scott

More information about the users mailing list