Cause:

If you are receiving the following error:

This may be caused for the following reasons:

• The AuthnContextClassRef value may be missing from the SAML assertion being passed to Webex.
• The AuthnContextClassRef value in the SAML assertion doesn't match what is entered in the SSO Configuration page.
• Your company may be using an ADFS proxy for external users to login with. This causes the SAML assertion to have two different AuthnContextClassRef values depending on where the end user is logging in from (External vs Internal).

To troubleshoot the issue:

1. In your SAML assertion code, verify the AuthnContextClassRef value is present.
2. Verify the AuthnContextClassRef value in the Cisco Webex Meetings Site Administration matches what is entered in the Webex SSO configuration page.

1. Log in to your Cisco Webex Meetings Site Administration page. (Example: https://SITENAME.webex.com/admin.php)
2. Click Configuration in the left panel.
3. Click Common Site Settings > SSO Configuration.
4. In the Federated Web SSO Configuration section, verify the value in the AuthnContextClassRef: field matches what is entered in the SAML assertion.

1. Log in to your Cisco Webex Meetings Site Administration page.
2. Click Configuration in the left panel.
3. Click Common Site Settings > SSO Configuration.
4. Change the AuthnContextClassRef: field value to: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport;urn:oasis:names:tc:SAML:2.0:ac:classes:Password;urn:federation:authentication:windows;urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified

If the issue persists after performing the steps in this article, contact the Webex technical support. For help, see: WBX162 - How Do I Contact Webex Customer Services or Technical Support?