X509Internal module and urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport AuthnContextClassRef

[Cantor, Scott]

On 6/2/22, 11:58 AM, "GALLIANO Nicolas" <nicolas.galliano at dsi.cnrs.fr> wrote:

>    And if i comment out all the util map like that :

You have to add to the map if you want it to account for something else. That's what it's there to do, but in your case this doesn't make any sense to bother with because you're starting with the wrong data to begin with. You are causing it to add a Principal that should not be there, so you have to get it to stop adding it.

>    About the supported principals by the mfa flow, it's the same with this configuration :

That's what's supported, that's not what's added to the result unless you change the defaults to tell it to auto-add them, which is not normally the right thing to do.

-- Scott