-Magnus- Super Contributor.
Super Contributor.
146 views

SAML2 CUSTOM AUTHNCONTEXT CLASS REF LIST

Hi ,
I have setup Nam to act as a sp and use external IDP, But the external IDP is pretty strict in how the AuthnRequest should be formated, and I need to specify AuthnContextClassRef like this:

    
<saml2p:RequestedAuthnContext Comparison="exact">
<saml2:AuthnContextClassRef>http://id.elegnamnden.se/loa/1.0/loa3</saml2:AuthnContextClassRef>
<saml2:AuthnContextClassRef>http://id.elegnamnden.se/loa/1.0/eidas-nf-sub</saml2:AuthnContextClassRef>
</saml2p:RequestedAuthnContext>


My intension was to use :
SAML2 CUSTOM AUTHNCONTEXT CLASS REF LIST = http://id.elegnamnden.se/loa/1.0/loa3&http://id.elegnamnden.se/loa/1.0/eidas-nf-sub

(Set this option to specify custom authentication class references. Use delimiter & to specify more than one class reference. The value of this property is set to the value of AuthnContextClassRef element of AuthnRequest.)

But no matter how I try it won't change the RequestedAuthnContext elements..

Tried on nam 4.4.4 and 4.5
any Ideas ?
best regards Magnus
0 Likes
1 Reply
-Magnus- Super Contributor.
Super Contributor.

Re: SAML2 CUSTOM AUTHNCONTEXT CLASS REF LIST

I opened a SR and got help really fast, thank you!
The solution was to on Authentication Card -> Authentication Request -> switch to "Use Types" and leave the "Authentication Types" empty, then it worked as expected.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.