
The AuthnRequest with AuthnContexts is not supported!

Question asked by SamWalker on Mar 1, 2018
Latest reply on Mar 2, 2018 by SamWalker

Hello, I am having trouble getting SAML integration to work with a new cloud SP. SM seems to be having an issue with the SAML request sent by these folks. Appreciate anyone throwing insights on it.

SM goes through all authentication/authorization fine before creating a SAML response with ERROR as shown below.

SAML Request:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_5d34a49f-5b71-4713-9afc-830a07618aac" Version="2.0" IssueInstant="2018-03-01T23:12:49Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://spcloud.com/control=samlResponse">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">sp cloud</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" />
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>


SAML Response from SM:

<Response ID="_492aebe2cbd32a85ed3c50bcde2249b8360d" InResponseTo="_10699901-7353-4328-b750-fcca4cdb1874" IssueInstant="2018-03-01T22:59:47Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
  <ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">IdP</ns1:Issuer>
  <Status>
    <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported"/>
    </StatusCode>
    <StatusMessage>The AuthnRequest with AuthnContexts is not supported!</StatusMessage>
  </Status>
</Response>
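
To triage the two messages quoted in the post above, the following added example (not part of the original post and not code from SM or the SP) extracts what the request demands in RequestedAuthnContext, unwinds the nested StatusCode chain of the response, and checks whether the response answers that request. The function names are hypothetical, and the embedded messages are trimmed copies of the ones in the post.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Both messages are trimmed copies of the ones in the post (IDs and values unchanged).
AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_5d34a49f-5b71-4713-9afc-830a07618aac" Version="2.0">
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

RESPONSE = """<Response ID="_492aebe2cbd32a85ed3c50bcde2249b8360d" InResponseTo="_10699901-7353-4328-b750-fcca4cdb1874" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
  <Status>
    <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported"/>
    </StatusCode>
    <StatusMessage>The AuthnRequest with AuthnContexts is not supported!</StatusMessage>
  </Status>
</Response>"""

def _parse(xml_text):
    # SAML messages never need a DTD; refuse one instead of letting entities expand.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in a SAML message")
    return ET.fromstring(xml_text)

def requested_authn_context(request_xml):
    """Return the request ID and what the SP demands, or None if no RequestedAuthnContext."""
    root = _parse(request_xml)
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    # Comparison defaults to "exact" when the attribute is omitted.
    return {"request_id": root.get("ID"), "comparison": rac.get("Comparison", "exact"), "class_refs": refs}

def status_chain(response_xml):
    """Return InResponseTo, the nested StatusCode values (outermost first) and the message."""
    root = _parse(response_xml)
    status = root.find("samlp:Status", NS)
    codes, node = [], status
    while node is not None and (node := node.find("samlp:StatusCode", NS)) is not None:
        codes.append(node.get("Value"))
    message = status.findtext("samlp:StatusMessage", namespaces=NS) if status is not None else None
    return {"in_response_to": root.get("InResponseTo"), "codes": codes, "message": message}

def same_exchange(request_xml, response_xml):
    # A response belongs to a request only when InResponseTo equals the request ID.
    return _parse(response_xml).get("InResponseTo") == _parse(request_xml).get("ID")
```

On the messages as posted, `same_exchange` returns False: the response's InResponseTo does not equal the quoted request's ID, so the two captures come from different login attempts.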
