By: Alexandre Zia named 20 Aug 2020 at 5:07 p.m. CDT

1 Response
We have configured a new trust relationship with Databricks. IDP-initiated login is working perfectly, but SP-initiated is not, because they are sending <RequestedAuthnContext> in the AuthnRequest:

    <samlp:RequestedAuthnContext Comparison="exact">
      <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>

This is making oxauth fail to authenticate, throwing an AcrChangedException exception:

    Acr is changed. Session acr: casa(level: 69), current acr: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport(level: null)
    ACR is changed, please provide a supported and enabled acr value

Is it possible to set something to ignore this RequestedAuthnContext in the SP AuthnRequest? Thanks in advance.

By Alexandre Zia named 20 Aug 2020 at 5:53 p.m. CDT

Figured out myself how to make it work. Had to edit custom script 'casa' and select PasswordProtectedTransport in SAML ACRS. Then it started to correlate PasswordProtectedTransport with casa acr.
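
Added example, not part of the original posts and not Gluu code: a small diagnostic that decodes an SP-initiated AuthnRequest (HTTP-Redirect binding), extracts the RequestedAuthnContext, and reports which requested class refs have no ACR mapped to them. The sample request and the `saml_acr_map` dictionary (a simplified stand-in for the 'SAML ACRS' selection on a custom script) are assumptions made for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # for untrusted input prefer defusedxml

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

# Constructed AuthnRequest (the ID is a placeholder) carrying the element from the post.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed" Version="2.0">'
    '<samlp:RequestedAuthnContext Comparison="exact">'
    '<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    + PPT +
    '</saml:AuthnContextClassRef></samlp:RequestedAuthnContext></samlp:AuthnRequest>')

def encode_redirect(xml):
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def decode_redirect(saml_request):
    """Reverse of encode_redirect, for a URL-decoded SAMLRequest value."""
    return zlib.decompress(base64.b64decode(saml_request), -15).decode()

def requested_context(xml):
    """Return (Comparison, [class refs]); (None, []) if the SP asked for nothing."""
    rac = ET.fromstring(xml).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None, []
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    return rac.get("Comparison", "exact"), refs  # "exact" is the SAML default

def check_mapping(xml, saml_acr_map):
    """saml_acr_map: assumed model, SAML class ref -> name of the script that lists it."""
    comparison, refs = requested_context(xml)
    mapped = {r: saml_acr_map[r] for r in refs if r in saml_acr_map}
    return {"comparison": comparison, "mapped": mapped,
            "unmapped": [r for r in refs if r not in saml_acr_map]}

if __name__ == "__main__":
    xml = decode_redirect(encode_redirect(SAMPLE_XML))
    print("before:", check_mapping(xml, {}))
    print("after: ", check_mapping(xml, {PPT: "casa"}))
```

An entry under `unmapped` corresponds to the situation in the first post, where the requested class ref had no level; after the class ref is associated with `casa`, it appears under `mapped`.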