  1. Keycloak
  2. KEYCLOAK-5224

Fill in saml2p:AuthnRequest section

    Details

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      We are trying to use Keycloak as an identity broker to an external SAML2 IdP (Shibboleth).
      The identification requests are not accepted by that IdP because in the request XML they expect these lines:

        <saml2p:RequestedAuthnContext Comparison="exact">
           <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                     urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
           </saml2:AuthnContextClassRef>
        </saml2p:RequestedAuthnContext>
      

      that have to be nested in the saml2p:AuthnRequest tag.
      Searching the web, we understood that, with Keycloak as a SAML2 IdP, there are only two options for AuthnContextClassRef: disable AuthnContext or have urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified, while there is no documentation for Keycloak as a broker to an external SAML2 IdP.
      We need to add this information to our requests; otherwise they will be rejected.

      Can you add this feature to manage these options and a GUI to configure them?

              People

              Assignee:
              Unassigned
              Reporter:
              denis.miorandi_jira Denis Miorandi (Inactive)
              Votes:
              10
              Watchers:
              20
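
To confirm whether an outgoing request carries the element the IdP in this issue expects, the AuthnRequest can be captured and inspected. The following is an added example, not code from the issue or from Keycloak; the function names are hypothetical and the sample request is constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def decode_redirect_binding(saml_request_b64):
    """Undo HTTP-Redirect encoding: base64, then raw DEFLATE (no zlib header)."""
    return zlib.decompress(base64.b64decode(saml_request_b64), -15).decode("utf-8")

def requested_authn_context(authn_request_xml):
    """Return (comparison, [class refs]), or None if the element is absent."""
    # The stdlib parser is acceptable for requests you generated yourself;
    # use defusedxml when the XML comes from an untrusted party.
    root = ET.fromstring(authn_request_xml)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None
    # SAML 2.0 core: Comparison is optional and defaults to "exact".
    comparison = rac.get("Comparison", "exact")
    # Strip whitespace: the issue's snippet puts the URI on its own line.
    refs = [(e.text or "").strip()
            for e in rac.findall("saml:AuthnContextClassRef", NS)]
    return comparison, refs

def satisfies_idp(authn_request_xml, required_ref=PPT):
    """True if the request asks for required_ref with Comparison="exact"."""
    ctx = requested_authn_context(authn_request_xml)
    return ctx is not None and ctx[0] == "exact" and required_ref in ctx[1]

def build_sample(with_context):
    """Constructed AuthnRequest (ID and IssueInstant are made-up values)."""
    ctx = ('<saml2p:RequestedAuthnContext Comparison="exact">'
           '<saml2:AuthnContextClassRef xmlns:saml2="%s">\n    %s\n'
           '</saml2:AuthnContextClassRef></saml2p:RequestedAuthnContext>'
           % (NS["saml"], PPT)) if with_context else ""
    return ('<saml2p:AuthnRequest xmlns:saml2p="%s" ID="_constructed1" '
            'Version="2.0" IssueInstant="2017-01-01T00:00:00Z">%s'
            '</saml2p:AuthnRequest>' % (NS["samlp"], ctx))

if __name__ == "__main__":
    for flag in (True, False):
        print(flag, requested_authn_context(build_sample(flag)))
```
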
