Missing keys in SAML AuthnRequest (delegated authentication)


Giacomo Sommavilla

Mar 26, 2021, 10:56:42 AM
to CAS Community
Hi everybody,

I am making some progress in building an Apereo CAS demo server with
delegated authentication with SAML2 (for integrating with Italian SPID
system).

I am testing against a test IDP instance.  I have been able to
generate a compliant SP metadata file (although with some manual
editing).

Now the test IDP instance is complaining about the
SAML AuthnRequest that it is receiving from my delegated CAS.

In particular, the AuthnRequest lacks these two keys:

AuthnRequest/NameIDPolicy required key not provided
AuthnRequest/RequestedAuthnContext required key not provided

For reference, the keys should look like this:

  <saml2p:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
  <saml2p:RequestedAuthnContext Comparison="exact">
    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword</saml2:AuthnContextClassRef>
    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard</saml2:AuthnContextClassRef>
  </saml2p:RequestedAuthnContext>

How can I configure the server to include "NameIDPolicy" and
"RequestedAuthnContext" keys in the request?

Thanks and regards,
Giacomo
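
Added example, not part of the thread and not CAS or SPID code: a local check that decodes a captured SAMLRequest parameter and reports the same two missing keys the test IdP complains about, so a configuration change can be verified before sending the request again. The sample request, the helper names and the two extra attribute/child checks are assumptions made for this illustration.

```python
import base64
import xml.etree.ElementTree as ET
import zlib

NS = {"saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not real CAS output): a request lacking both elements.
SAMPLE_INCOMPLETE = (
    b'<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_constructed" Version="2.0" IssueInstant="2021-03-26T10:00:00Z"/>')

def redirect_encode(xml_bytes):
    """Encode as the HTTP-Redirect binding does: raw DEFLATE, then base64."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml_bytes) + c.flush()).decode()

def decode_saml_request(value):
    """Turn a URL-decoded SAMLRequest parameter back into XML bytes."""
    raw = base64.b64decode(value)
    if raw.startswith(b"<"):
        return raw                      # HTTP-POST binding: base64 only
    return zlib.decompress(raw, -15)    # HTTP-Redirect binding: raw DEFLATE

def missing_keys(xml_bytes):
    """List the elements the test IdP reported as required but absent."""
    root = ET.fromstring(xml_bytes)     # only parse requests you generated yourself
    if root.tag != "{%s}AuthnRequest" % NS["saml2p"]:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    problems = []
    policy = root.find("saml2p:NameIDPolicy", NS)
    if policy is None:
        problems.append("AuthnRequest/NameIDPolicy")
    elif not policy.get("Format"):
        # Assumption: the IdP wants Format set, as in the reference snippet.
        problems.append("AuthnRequest/NameIDPolicy/@Format")
    context = root.find("saml2p:RequestedAuthnContext", NS)
    if context is None:
        problems.append("AuthnRequest/RequestedAuthnContext")
    elif not any((ref.text or "").strip()
                 for ref in context.findall("saml2:AuthnContextClassRef", NS)):
        # Assumption: class refs are expected, as in the reference snippet.
        problems.append("AuthnRequest/RequestedAuthnContext/AuthnContextClassRef")
    return problems

if __name__ == "__main__":
    for key in missing_keys(decode_saml_request(redirect_encode(SAMPLE_INCOMPLETE))):
        print(key, "required key not provided")
```
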

Giacomo Sommavilla

Mar 29, 2021, 3:54:12 AM
to cas-...@apereo.org
Sorry if I'm being pushy, I would like to ask again how it is possible
to insert the keys saml2p:RequestedAuthnContext and
saml2p:NameIDPolicy in the SAML request.

Thank you,
Giacomo

