SSO login fails with message "The AuthnRequest with AuthnContexts is not supported"


Description

SSO login fails and the SAML Response returns a StatusCode "Responder" with the message "The AuthnRequest with AuthnContexts is not supported!"

<Response ID="xxx" InResponseTo="SNCxxx" IssueInstant="2019-08-13T19:27:46Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
    <ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">IdP</ns1:Issuer>
    <Status>
        <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
            <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported"/>
        </StatusCode>
        <StatusMessage>The AuthnRequest with AuthnContexts is not supported!</StatusMessage>
    </Status>
</Response>

Cause

The Identity Provider (IdP) does not support Service Providers sending AuthnContextClass along with AuthnRequests.

Resolution

On the IdP form, uncheck "Create AuthnContextClass" and test the connection. 

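With this option unchecked, the AuthnContextClass is no longer sent along with the AuthnRequest, and the IdP chooses the authentication context class. Because the Service Provider then no longer states which authentication method it expects, any requirement on how users authenticate has to be configured on the IdP side.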
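
To confirm the failure and then check the fix, the following added example (not part of the original article or of any vendor tooling) reads a decoded SAML Response and a decoded AuthnRequest and reports the nested status codes and whether an authentication context is still being requested. The element names RequestedAuthnContext and AuthnContextClassRef are the SAML 2.0 core elements assumed to correspond to the "Create AuthnContextClass" option; the sample AuthnRequest and the sp.example.com issuer are constructed.

```python
import xml.etree.ElementTree as ET
# Troubleshooting aid for captured, already-decoded messages; it does not verify signatures.
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"

def saml_status(response_xml):
    """Return (top_code, nested_codes, message) from a decoded SAML Response."""
    status = ET.fromstring(response_xml).find("samlp:Status", NS)
    if status is None:
        raise ValueError("Response has no <Status> element")
    codes, node = [], status.find("samlp:StatusCode", NS)
    while node is not None:  # StatusCode elements nest: top-level code, then sub-codes
        value = node.get("Value", "")
        codes.append(value[len(STATUS):] if value.startswith(STATUS) else value)
        node = node.find("samlp:StatusCode", NS)
    if not codes:
        raise ValueError("Status has no <StatusCode> element")
    message = status.findtext("samlp:StatusMessage", default="", namespaces=NS)
    return codes[0], codes[1:], message.strip()

def requested_authn_context(authn_request_xml):
    """Return (comparison, class_refs) the SP asks for, or None if it asks for none."""
    rac = ET.fromstring(authn_request_xml).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    return rac.get("Comparison", "exact"), refs  # "exact" is the SAML default

# Constructed samples: the Response mirrors the one in this article, the AuthnRequest is made up.
SAMPLE_RESPONSE = """<Response ID="xxx" InResponseTo="SNCxxx" IssueInstant="2019-08-13T19:27:46Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
    <ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">IdP</ns1:Issuer>
    <Status>
        <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
            <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported"/>
        </StatusCode>
        <StatusMessage>The AuthnRequest with AuthnContexts is not supported!</StatusMessage>
    </Status>
</Response>"""
SAMPLE_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0">
    <saml:Issuer>https://sp.example.com</saml:Issuer>
    <samlp:RequestedAuthnContext Comparison="exact">
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

if __name__ == "__main__":
    print(saml_status(SAMPLE_RESPONSE), requested_authn_context(SAMPLE_REQUEST))
```

After the option is unchecked, requested_authn_context should return None for a newly captured AuthnRequest.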