<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">I thought that someone had fixed the documentation to be clearer, but it doesn't appear that they have. You need to be sure that in the IdP's conf/authn/general-authn.xml file you add any and all needed principal names to the authn/External bean. E.g. (if you wanted the usual Password class and also wanted it to handle REFEDS MFA. You might need to add other password-type principals depending on what any services you are integrated with might be sending as a requested authn context. You will need whatever principals you had previously listed on the authn/Shibcas bean in that same file, if you were using an older version of this plugin.)<div class=""><br class=""></div><div class=""><pre style="box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, monospace; font-size: 13.600000381469727px; margin-top: 0px; margin-bottom: 0px; word-wrap: normal; padding: 16px; overflow: auto; line-height: 1.45; background-color: rgb(246, 248, 250); border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; word-break: normal; caret-color: rgb(36, 41, 46); color: rgb(36, 41, 46);" class=""><<span class="pl-ent" style="box-sizing: border-box; color: rgb(34, 134, 58);">bean</span> <span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">id</span>=<span class="pl-s" style="box-sizing: border-box; color: rgb(3, 47, 98);"><span class="pl-pds" style="box-sizing: border-box;">"</span>authn/External<span class="pl-pds" style="box-sizing: border-box;">"</span></span> <span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">parent</span>=<span class="pl-s" style="box-sizing: border-box; color: rgb(3, 47, 98);"><span class="pl-pds" style="box-sizing: 
border-box;">"</span>shibboleth.AuthenticationFlow<span class="pl-pds" style="box-sizing: border-box;">"</span></span>
  <span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">p</span><span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">:</span><span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">passiveAuthenticationSupported</span>=<span class="pl-s" style="box-sizing: border-box; color: rgb(3, 47, 98);"><span class="pl-pds" style="box-sizing: border-box;">"</span>true<span class="pl-pds" style="box-sizing: border-box;">"</span></span>
  <span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">p</span><span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">:</span><span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">forcedAuthenticationSupported</span>=<span class="pl-s" style="box-sizing: border-box; color: rgb(3, 47, 98);"><span class="pl-pds" style="box-sizing: border-box;">"</span>true<span class="pl-pds" style="box-sizing: border-box;">"</span></span>
  <span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">p</span><span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">:</span><span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">nonBrowserSupported</span>=<span class="pl-s" style="box-sizing: border-box; color: rgb(3, 47, 98);"><span class="pl-pds" style="box-sizing: border-box;">"</span>false<span class="pl-pds" style="box-sizing: border-box;">"</span></span>>
    <<span class="pl-ent" style="box-sizing: border-box; color: rgb(34, 134, 58);">property</span> <span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">name</span>=<span class="pl-s" style="box-sizing: border-box; color: rgb(3, 47, 98);"><span class="pl-pds" style="box-sizing: border-box;">"</span>supportedPrincipals<span class="pl-pds" style="box-sizing: border-box;">"</span></span>>
        <<span class="pl-ent" style="box-sizing: border-box; color: rgb(34, 134, 58);">list</span>>
            <<span class="pl-ent" style="box-sizing: border-box; color: rgb(34, 134, 58);">bean</span> <span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">parent</span>=<span class="pl-s" style="box-sizing: border-box; color: rgb(3, 47, 98);"><span class="pl-pds" style="box-sizing: border-box;">"</span>shibboleth.SAML2AuthnContextClassRef<span class="pl-pds" style="box-sizing: border-box;">"</span></span>
                  <span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">c</span><span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">:</span><span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">classRef</span>=<span class="pl-s" style="box-sizing: border-box; color: rgb(3, 47, 98);"><span class="pl-pds" style="box-sizing: border-box;">"</span><a href="https://refeds.org/profile/mfa" class="">https://refeds.org/profile/mfa</a><span class="pl-pds" style="box-sizing: border-box;">"</span></span> />
            <<span class="pl-ent" style="box-sizing: border-box; color: rgb(34, 134, 58);">bean</span> <span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">parent</span>=<span class="pl-s" style="box-sizing: border-box; color: rgb(3, 47, 98);"><span class="pl-pds" style="box-sizing: border-box;">"</span>shibboleth.SAML2AuthnContextClassRef<span class="pl-pds" style="box-sizing: border-box;">"</span></span>
                  <span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">c</span><span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">:</span><span class="pl-e" style="box-sizing: border-box; color: rgb(111, 66, 193);">classRef</span>=<span class="pl-s" style="box-sizing: border-box; color: rgb(3, 47, 98);"><span class="pl-pds" style="box-sizing: border-box;">"</span>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport<span class="pl-pds" style="box-sizing: border-box;">"</span></span> />
        </<span class="pl-ent" style="box-sizing: border-box; color: rgb(34, 134, 58);">list</span>>
    </<span class="pl-ent" style="box-sizing: border-box; color: rgb(34, 134, 58);">property</span>>
</<span class="pl-ent" style="box-sizing: border-box; color: rgb(34, 134, 58);">bean</span>></pre><div class=""><br class=""></div><div><br class=""><blockquote type="cite" class=""><div class="">On Jun 20, 2020, at 5:55 AM, Mathew, Sunil <<a href="mailto:smathew@hbs.edu" class="">smathew@hbs.edu</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="WordSection1" style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 18px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">Hi,<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">We have CAS as the external server and Shibboleth (3.1.1) used to authenticate with Remote User. 
Instead I am trying to use CAS plugin for Shibboleth (3.4.6) authentication:<span class="Apple-converted-space"> </span><a href="https://github.com/Unicon/shib-cas-authn3" style="color: rgb(5, 99, 193); text-decoration: underline;" class="">https://github.com/Unicon/shib-cas-authn3</a><o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">But I am getting the following error:<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 9pt; font-family: Helvetica;" class="">2020-06-20T10:47:25.099968500Z shib-idp;idp-process.log;dev;nothing;2020-06-20 10:47:25,099 - 172.22.0.1 - WARN [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:219] - Profile Action PopulateAuthenticationContext: No authentication flows are active for this request<o:p class=""></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 9pt; font-family: Helvetica;" class="">2020-06-20T10:47:25.100032900Z shib-idp;idp-warn.log;dev;nothing;2020-06-20 10:47:25,099 - 172.22.0.1 - WARN [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:219] - Profile Action PopulateAuthenticationContext: No authentication flows are active for this request<o:p class=""></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 9pt; font-family: Helvetica;" class="">2020-06-20T10:47:25.199464800Z shib-idp;idp-process.log;dev;nothing;2020-06-20 10:47:25,197 - 172.22.0.1 - INFO [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:313] - Profile Action SelectAuthenticationFlow: No potential flows left to choose from, authentication failed<o:p class=""></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 
11pt;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">Has anyone been able to use the CAS plugin for Shibboleth authentication?<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 11pt;" class="">Regards,<br class="">Sunil<o:p class=""></o:p></span></div></div></div></blockquote></div><br class=""><div class="">
<div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;">--<br class="">Michael A. Grady<br class="">IAM Architect, Unicon, Inc.</div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" class=""><br class=""></div><br class="Apple-interchange-newline">

</div>
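<div class="">One way to check the point made in the reply above before restarting the IdP, as an added example that is not part of the original message or of the shib-cas-authn3 plugin: it reads a general-authn.xml, collects the c:classRef principals on authn/External, and reports any that services request or that an older authn/Shibcas bean carried but the new bean lacks. The sample XML, the helper names and the extra Password class are constructed for illustration.</div>

```python
import xml.etree.ElementTree as ET

BEANS = "http://www.springframework.org/schema/beans"
C_NS = "http://www.springframework.org/schema/c"
MFA = "https://refeds.org/profile/mfa"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
PW = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"

# Constructed stand-in for conf/authn/general-authn.xml (not a real deployment file).
TEMPLATE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:util="http://www.springframework.org/schema/util">
  <util:list id="shibboleth.AvailableAuthenticationFlows">
    <bean id="{flow}" parent="shibboleth.AuthenticationFlow">
      <property name="supportedPrincipals"><list>{principals}</list></property>
    </bean>
  </util:list>
</beans>"""

def sample_config(flow, refs):
    """Build a constructed config whose only flow bean lists the given class refs."""
    beans = "".join('<bean parent="shibboleth.SAML2AuthnContextClassRef" '
                    f'c:classRef="{r}"/>' for r in refs)
    return TEMPLATE.format(flow=flow, principals=beans)

def supported_class_refs(xml_text, flow_id):
    """Set of c:classRef values under supportedPrincipals of bean flow_id, or None if absent."""
    for bean in ET.fromstring(xml_text).iter(f"{{{BEANS}}}bean"):
        if bean.get("id") != flow_id:
            continue
        refs = set()
        for prop in bean.findall(f"{{{BEANS}}}property"):
            if prop.get("name") == "supportedPrincipals":
                for principal in prop.iter(f"{{{BEANS}}}bean"):
                    ref = principal.get(f"{{{C_NS}}}classRef")
                    if ref:
                        refs.add(ref)
        return refs
    return None

def missing_principals(new_xml, requested=(), old_xml=None):
    """Class refs authn/External lacks: requested ones plus those on the old authn/Shibcas bean."""
    have = supported_class_refs(new_xml, "authn/External") or set()
    need = set(requested)
    if old_xml is not None:
        need |= supported_class_refs(old_xml, "authn/Shibcas") or set()
    return sorted(need - have)

if __name__ == "__main__":
    old = sample_config("authn/Shibcas", [MFA, PPT, PW])
    new = sample_config("authn/External", [MFA, PPT])
    print(missing_principals(new, old_xml=old))
```

<div class="">A non-empty result names the classes to add to authn/External; a requested class that no flow supports is what leads to the "No potential flows left to choose from" message quoted in the question.</div>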
<br class=""></div></body></html>