Sanity check: How to change the AuthnContextClassRef contents in IdP Assertions

Jason

Oct 14, 2011, 11:42:45 AM
to simpleSAMLphp
Hello All,

I have set up an IdP using simpleSAMLphp and I want to set the
AuthnContextClassRef contents to
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport in the
Assertions. I have the IdP running on HTTPS, so is the only other thing I
need to do to change SAML2_Const::AC_PASSWORD from
urn:oasis:names:tc:SAML:2.0:ac:classes:Password to
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport?

Thanks!
Jason

Olav Morken

Oct 18, 2011, 6:33:11 AM
to simple...@googlegroups.com

That isn't really the proper way to set this parameter, since it
may/will break in future releases. With simpleSAMLphp from subversion,
you can set it using the saml:AuthnContextClassRef filter, but that
filter isn't included in a release of simpleSAMLphp yet.

However, it should be compatible with version 1.8, so it should be
possible to just add it to the release if you want to use it. It can
be downloaded from:

http://simplesamlphp.googlecode.com/svn/trunk/modules/saml/lib/Auth/Process/AuthnContextClassRef.php


It can be used by adding something like the following to your
saml20-idp-hosted.php metadata file:


    'authproc' => array(
        97 => array(
            'class' => 'saml:AuthnContextClassRef',
            'AuthnContextClassRef' => 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
        ),
    ),


Regards,
Olav Morken
UNINETT / Feide
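
Added example (not part of the original thread, and not simpleSAMLphp code): a Python check that the saml:AuthnContextClassRef filter took effect, run over a Response captured from a test login. The sample Response, the idp.example.org issuer and the function names are constructed for illustration; the script only inspects the XML and does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EXPECTED = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

# Constructed sample: a trimmed, unsigned Response as it might look after the
# filter from the reply above has been added to saml20-idp-hosted.php.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion ID="_constructed" Version="2.0">
    <saml:Issuer>https://idp.example.org/saml2/idp/metadata.php</saml:Issuer>
    <saml:AuthnStatement SessionIndex="_constructed">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>
          urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
        </saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>
"""


def authn_context_class_refs(xml_text):
    """Return one entry per AuthnStatement: its class ref, or None if absent."""
    root = ET.fromstring(xml_text)
    refs = []
    # iter() also visits the root, so a bare Assertion document works too.
    for stmt in root.iter("{%s}AuthnStatement" % NS["saml"]):
        ref = stmt.find("saml:AuthnContext/saml:AuthnContextClassRef", NS)
        refs.append(ref.text.strip() if ref is not None and ref.text else None)
    return refs


def check_response(xml_text, expected=EXPECTED):
    """True only if an AuthnStatement exists and every one carries `expected`."""
    refs = authn_context_class_refs(xml_text)
    return bool(refs) and all(r == expected for r in refs)


if __name__ == "__main__":
    print(authn_context_class_refs(SAMPLE_RESPONSE))
    print("OK" if check_response(SAMPLE_RESPONSE) else "MISMATCH")
```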
