KEYCLOAK-14891 SAML Identity Broker - Allow requesting specific AuthnContexts

[Luca Leonardo Scorcia]

Hi Team,

I have prepared a pull request that adds to the SAML Identity Broker the ability to request to remote IdPs one or more specific AuthenticationContexts (https://github.com/keycloak/keycloak/pull/7292, https://issues.redhat.com/browse/KEYCLOAK-14891).

I tried to separate the plumbing commits from the UI ones, so it would be easier to handle in case two separate issues were required.

The changes are pretty simple but before going on and write some unit tests and update the user docs, I'd appreciate a quick review of the general approach:

• As far as I could see, the Identity Provider configuration does not support multi-valued parameters. Is the workaround of concatenating values on the client the correct solution? It seems a bit clumsy... Would a serialized JSON array be better?
  
• Should I keep the additional configuration values in the same "SAML Config" UI section, or is it better to group them in a dedicated section like I did?
• Right now the code generates the RequestedAuthnContext element if either ClassRefs or DeclRefs are set. Would it be more intuitive to add a boolean flag that hides/shows the appropriate section?
• I am not a native English speaker, so any improvement to the translation strings would be welcome.

There is a bit of confusion between the original pull request/JIRA issue intent and the actual feature as implemented. I would be perfectly fine with closing it and opening a new one with a better description if necessary.

Thanks for the help!

[Luca Leonardo Scorcia]

Hi, I have closed issue KEYCLOAK-14891 and its associated pull request since a better description and implementation are available at https://issues.redhat.com/browse/KEYCLOAK-14961 , https://github.com/keycloak/keycloak/pull/7307 .

I have switched to JSON-encoded storage for the attribute values, added tests and now I think it's ready for review.

Thanks for your help!