Setting requestedAuthnContext

[tibra]

On an authentication request from our ruby-saml SP, the IdP (a NetIQ instance) instantly redirects back to the SP without offering a login form. When inspecting the params, I'm seeing a SAMLResponse with a payload error:
The status code of the Response was not Success, was Responder.

The IdP logs are indicating
urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext.

On other SPs where login forms are successfully presented, the IdP is reporting:
urn:oasis:names:tc:SAML:2.0:status:Success

Answers to similar problems in php-saml and passport-saml suggest to set requestedAuthnContext to false. Is there any way of setting the requested authn context to a similar setting in ruby-saml?

What we've tried so far:

• setting authn_context to false
• setting authn_context to "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
• setting authn_context_comparison to minimum
• double checking the signing and certificates

Thank you kindly!

[pitbulk]

By default ruby-saml does not assign any value to the authn_context and authn_context_decl_ref.

That are reviewed on the create_xml_document method of authrequest.rb to create the AuthNRequest with RequestedAuthnContext or not.

So if those values are false or null, the generated AuthNRequest shouldn't contains an RequestedAuthnContext element. If it does, review if you are using not directly ruby-saml but a framework, if it set values to those setting parameters.

[tibra]

Thank you for pointing to the defaults and clearing things up, @pitbulk . After re-importing our metadata, this issue has been resolved :-)