Anonymous_User Absent Member.

Custom Value for AuthnContextClassRef (Authentication Type)


Hi,

I have NAM configured to act as Service Provider with SAML2. The owner
of the Identity Provider has requested that we send a custom value for
saml:AuthnContextClassRef in our authentication request. Something
like:


Code:
--------------------

<samlp:RequestedAuthnContext Comparison="exact">
<saml:AuthnContextClassRef>urn:example:names:idm:foo:saml2.0:ac:classes:FooEnhancedAuthentication</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>

--------------------


Is this possible in NAM? It looks like there are six available types
(Name Password, Secure Name Password, X509…) and I haven't been able to
identify a way to add more.

I can use Contracts instead of types, and it is possible to add custom
Contracts; however, the Authentication Request then uses
AuthnContextDeclRef, which is not what the third party wants from us.

Can I do what they want in NAM? How?

Thanks


--
sbhyland
------------------------------------------------------------------------
sbhyland's Profile: https://forums.netiq.com/member.php?userid=3013
View this thread: https://forums.netiq.com/showthread.php?t=46978

0 Likes
2 Replies
Anonymous_User Absent Member.

Re: Custom Value for AuthnContextClassRef (Authentication Type)

sbhyland,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your issue been resolved? If not, you might try one of the following options:

- Visit http://www.netiq.com/support and search the knowledgebase and/or check all
the other support options available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.netiq.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.netiq.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your NetIQ Forums Team
http://forums.netiq.com


0 Likes
wcscis Absent Member.

Re: Custom Value for AuthnContextClassRef (Authentication Type)

On 3/1/2013 10:54 AM, sbhyland wrote:
>
> Hi,
>
> I have NAM configured to act as Service Provider with SAML2. The owner
> of the Identity Provider has requested that we send a custom value for
> saml:AuthnContextClassRef in our authentication request. Something
> like:
>
>
> Code:
> --------------------
>
> <samlp:RequestedAuthnContext Comparison="exact">
> <saml:AuthnContextClassRef>urn:example:names:idm:foo:saml2.0:ac:classes:FooEnhancedAuthentication</saml:AuthnContextClassRef>
> </samlp:RequestedAuthnContext>
>
> --------------------
>
>
> Is this possible in NAM? It looks like there are six available types
> (Name Password, Secure Name Password, X509…) and I haven't been able to
> identify a way to add more.
>
> I can use Contracts instead of types, and it is possible to add custom
> Contracts; however, the Authentication Request then uses
> AuthnContextDeclRef, which is not what the third party wants from us.
>
> Can I do what they want in NAM? How?
>
> Thanks
>
>

Looks like you would have to build a custom class.
The method getType() returns one of nine values, and it is hard coded in the method.

I don't think you can stray from those nine but there is one that is other. I would probably see if
the SP can make a modification to request something in the list. You might look in the SDK guide
for some options. I suspect this is an enhancement request though.
0 Likes
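To confirm what the Service Provider actually puts on the wire, the following added example (not from the thread and not NetIQ code) decodes a captured SAMLRequest value from either the Redirect or POST binding and reports whether it carries AuthnContextClassRef or AuthnContextDeclRef. The function names, the sample requests and the `urn:example:contract:foo` contract URI are constructed for illustration; it is meant for requests produced by your own SP, so use a hardened XML parser for untrusted input.

```python
import base64, zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# URN taken from the question above; all other sample data below is constructed.
WANTED = "urn:example:names:idm:foo:saml2.0:ac:classes:FooEnhancedAuthentication"

def encode_redirect(xml):
    """Raw DEFLATE + base64, as the HTTP-Redirect binding does (URL-encoding omitted)."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def decode_saml_request(value):
    """POST binding is base64 XML; Redirect binding is deflated before base64."""
    raw = base64.b64decode(value)
    if not raw.lstrip().startswith(b"<"):
        raw = zlib.decompress(raw, -15)
    return ET.fromstring(raw)

def requested_authn_context(root):
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None
    refs = lambda tag: [(e.text or "").strip() for e in rac.findall("saml:" + tag, NS)]
    return {"comparison": rac.get("Comparison", "exact"),  # "exact" is the SAML default
            "class_refs": refs("AuthnContextClassRef"),
            "decl_refs": refs("AuthnContextDeclRef")}

def check(value, wanted=WANTED):
    ctx = requested_authn_context(decode_saml_request(value))
    if ctx is None:
        return "missing: no RequestedAuthnContext"
    if wanted in ctx["class_refs"]:
        return "ok: ClassRef sent, Comparison=" + ctx["comparison"]
    if ctx["decl_refs"]:
        return "mismatch: DeclRef sent instead of ClassRef"
    return "mismatch: ClassRef present but not the requested value"

def sample_request(inner):
    return ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed1" '
            'Version="2.0" IssueInstant="2013-03-01T00:00:00Z">'
            '<samlp:RequestedAuthnContext Comparison="exact">%s</samlp:RequestedAuthnContext>'
            '</samlp:AuthnRequest>' % (NS["samlp"], NS["saml"], inner))

CLASS_REQ = sample_request("<saml:AuthnContextClassRef>%s</saml:AuthnContextClassRef>" % WANTED)
DECL_REQ = sample_request("<saml:AuthnContextDeclRef>urn:example:contract:foo</saml:AuthnContextDeclRef>")

if __name__ == "__main__":
    for req in (encode_redirect(CLASS_REQ), base64.b64encode(DECL_REQ.encode()).decode()):
        print(check(req))
```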