[Unity-idm-discuss] implementation doesn't support authn requests with RequestedAuthnContext

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Good morning Krzysztof,
last week we updated from version 3.4.3 to 3.5.1. This week a user
reported the following error:

"Problem occurred during authentication process.

The error is: This implementation doesn't support authn requests with
RequestedAuthnContext set.
You will be automatically redirected in 5s back to the service which
requested authentication, with the above information."

I asked the IdP as well as the SP, if they changed something and they
can not remember. Maybe this corelation between the error and unity
update is wrong, but did unity change something here? Do you know when
this error is raised by unity?

I paste the unity log below.

2021-06-15T08:46:17,369 [qtp848193662-12599] DEBUG unity.server.core.ClientIPSettingHandler: Handling client 85.16.232.92 request to URL /saml-idp/saml2idp-web?SAMLRequest=nVNNj9owEP0rke%2F5AsKqFrCioKpIu9sI0h56qRxnWKw6dtbjLLS%2Ffu1AVrRqc%2BAUZ%2Bb5vZk349n9qZbBKxgUWs1JGiXkfjFDVsuGLlt7UFt4aQFt4GAKaZeYk9YoqhkKpIrVgNRyuls%2BPtBRlNDGaKu5liTYrOfkx%2FhDBuM0mZZ7YJPxuNyn2YgE33pBd8MBEVvYKLRMWRdKRmmYTMM0K5IpnUxpehdNsuw7CfIL9UehKqGeh%2BsozyCkn4siD%2FMvu4IEa9eJUMx20gdrG6RxLPWzUNEBZH3Q0v6OKoh9m6Gomu4wcofwCCUJlohg%2FOWVVtjWYHZgXgWHr9uHv%2BnYUXiihiE22tiYOS87tvhdqPvjTMqS8Z%2FkbDrtrDBXbg83yfqKyGJY%2Fw%2FVWXyl1U%2F7yZFv1rmWgv%2B6ZdqftKmZHUb7iKjCfQel1jCFApR1zkqpjysDzMKcWNMCifu6LgsIVbeOznkLp5vWcaXrhhmBfvZwYtz2nl8Tr6RzbAv7WyYwCOOUe2oXzt3nqE3ltxm4a6zwPvgpXebyr3oW59x%2F7HjPXj%2FZxRs%3D
2021-06-15T08:46:17,370 [qtp848193662-12599] DEBUG unity.server.saml.SamlServletExtractionUtils: Got SAML request using the HTTP Redirect binding
2021-06-15T08:46:17,370 [qtp848193662-12599] WARN  unity.server.saml.ErrorHandler: SAML error is going to be returned to the SAML requester by the IdP
eu.unicore.samly2.exceptions.SAMLResponderException: This implementation doesn't support authn requests with RequestedAuthnContext set.
        at pl.edu.icm.unity.saml.validator.UnityAuthnRequestValidator.validate(UnityAuthnRequestValidator.java:71) ~[unity-server-saml-3.5.1.jar:?]
        at pl.edu.icm.unity.saml.validator.WebAuthRequestValidator.validate(WebAuthRequestValidator.java:34) ~[unity-server-saml-3.5.1.jar:?]
        at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.validate(SamlParseServlet.java:219) ~[unity-server-saml-3.5.1.jar:?]
        at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.processSamlRequestInterruptible(SamlParseServlet.java:143) ~[unity-server-saml-3.5.1.jar:?]
        at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.processSamlRequest(SamlParseServlet.java:96) ~[unity-server-saml-3.5.1.jar:?]
        at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.doGet(SamlParseServlet.java:76) ~[unity-server-saml-3.5.1.jar:?]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) ~[javax.servlet-api-3.1.0.jar:3.1.0]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) ~[javax.servlet-api-3.1.0.jar:3.1.0]
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:791) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
        at pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:74) ~[unity-server-web-common-3.5.1.jar:?]
        at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
        at pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotProtectedResource(AuthenticationFilter.java:274) ~[unity-server-web-common-3.5.1.jar:?]
        at pl.edu.icm.unity.webui.authn.AuthenticationFilter.handleNotProtectedResource(AuthenticationFilter.java:106) ~[unity-server-web-common-3.5.1.jar:?]
        at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:83) ~[unity-server-web-common-3.5.1.jar:?]
        at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
        at pl.edu.icm.unity.engine.api.utils.HiddenResourcesFilter.doFilter(HiddenResourcesFilter.java:49) ~[unity-server-engine-api-3.5.1.jar:?]
        at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:67) ~[unity-server-engine-3.5.1.jar:?]
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:234) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322) ~[jetty-rewrite-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:766) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:216) ~[unity-server-engine-3.5.1.jar:?]
        at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) [jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) [jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273) [jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:540) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:395) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_272]

Best regards,
Sander
-- 
Federated Systems and Data
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Volker Rieke
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior
-----------------------------------------------------------------------
-----------------------------------------------------------------------

[Unity-idm-discuss] implementation doesn't support authn requests with RequestedAuthnContext

Identity management and federations integration

[Unity-idm-discuss] implementation doesn't support authn requests with RequestedAuthnContext