RH-SSO ignores SAML PasswordProtectedTransport AuthnContext

Solution Unverified - Updated -


  • Unable to configure Adobe Analytics or OpenAM as a SAML Client/Service Provider (SP)
  • SP makes a request with

    <samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"Comparison="exact">
            <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>

    But RH-SSO responds with:


    causing the SP to reject the assertion.


  • Red Hat Single Sign-On (RH-SSO) 7
  • RH-SSO as the Identity Provider (IdP)
  • Separate Serivce Provider (SP) that requests PasswordProtectedTransport

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In