Details

    • Type: Feature Request
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate Issue
    • Affects Version/s: 2.5.1.Final
    • Fix Version/s: None
    • Component/s: SAML
    • Labels:
      None
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      We are trying to configure OpenAM as a SAML client with KeyCloak. As part of the SAML request, it sends a PasswordProtectedTransport AuthnContext (as shown below), and it expects this back as part of the SAML response.

      <samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">
              <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
      </samlp:RequestedAuthnContext>
      

      Currently, KeyCloak always returns the urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified AuthnContextClassRef unless AuthnStatement inclusion is disabled. There should be an option to return a different AuthnContextClassRef.

      	<saml:AuthnContext>
      		<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
      	</saml:AuthnContext>
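
An illustration of the exact-match check a SAML service provider performs on the returned AuthnStatement, added here as an example that is not part of the original report or of either project's code. The function names are hypothetical, the XML is constructed from the fragments quoted above, and the assertion's signature is assumed to have been validated already.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"

# Constructed sample: the RequestedAuthnContext fragment from the report.
REQUESTED = (
    f'<samlp:RequestedAuthnContext xmlns:samlp="{SAMLP}" Comparison="exact">'
    f'<saml:AuthnContextClassRef xmlns:saml="{SAML}">{PPT}</saml:AuthnContextClassRef>'
    f'</samlp:RequestedAuthnContext>'
)


def authn_statement(class_ref):
    """Constructed AuthnStatement fragment carrying the given class reference."""
    return (
        f'<saml:AuthnStatement xmlns:saml="{SAML}"><saml:AuthnContext>'
        f'<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>'
        f'</saml:AuthnContext></saml:AuthnStatement>'
    )


def class_refs(xml_text):
    """Return every AuthnContextClassRef value found in the fragment."""
    root = ET.fromstring(xml_text)
    tag = f"{{{SAML}}}AuthnContextClassRef"
    return [el.text.strip() for el in root.iter(tag) if el.text]


def satisfies_request(requested_xml, statement_xml):
    """True only if the statement's class is one of the requested classes."""
    comparison = ET.fromstring(requested_xml).get("Comparison", "exact")
    if comparison != "exact":
        # minimum/better/maximum need a deployment-specific ordering of classes.
        raise NotImplementedError(f"Comparison={comparison!r} not handled here")
    wanted = set(class_refs(requested_xml))
    got = class_refs(statement_xml)
    # A missing class reference is rejected just like a non-matching one.
    return len(got) == 1 and got[0] in wanted


if __name__ == "__main__":
    for ref in (PPT, UNSPECIFIED):
        print(ref, "->", satisfies_request(REQUESTED, authn_statement(ref)))
```
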
      

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  mmuzamil Muein Muzamil
                • Votes:
                  2
                  Watchers:
                  7
