[keycloak-user] SAML2.0 Identity Provider modify authn context / extensions

Bill Burke bburke at redhat.com
Fri Feb 24 10:57:03 EST 2017


If you can come up with something that is usable by others we'd love a PR.  
Documentation and testing would be an important part of this.


On 2/24/17 9:36 AM, Martin Hardselius wrote:
> FYI to anyone else doing stuff related to this.
>
> I also needed to add custom authn context class references and ended up
> re-implementing the SAML2AuthnRequestBuilder. Basically copy-pasting the
> old one and adding the methods required to add stuff to the
> RequestedAuthnContextType.
>
> Martin
>
>
> On Fri, 24 Feb 2017 at 08:43 Martin Hardselius <martin.hardselius at gmail.com>
> wrote:
>
>> Got it, thanks!
>>
>> On Fri, 24 Feb 2017 at 08:30 Hynek Mlnarik <hmlnarik at redhat.com> wrote:
>>
>> The latter, you need to extend SAMLIdentityProvider. I'd suggest adding
>> extensions to the AuthnRequest via SAML2AuthnRequestBuilder.addExtension()
>> method rather than supplying query params for the sake of simplicity.
>>
>> --Hynek
>>
>> On 02/23/2017 05:17 PM, Martin Hardselius wrote:
>>> Hi,
>>>
>>> Is there an easy way to add stuff to the authn context or add extensions to
>>> the AuthN request? Or even add query parameters to the destination url?
>>>
>>> Context:
>>>
>>> The SAML2.0 Provider I'm integrating with supports several auth methods.
>>> Usually you would end up on a method select page, where the options are
>>> presented to you, once you've been forwarded to the IDP. They do however
>>> support selecting an option directly by modifying the authncontext. They
>>> also support prefilling information by adding extensions to the authn
>>> request or supplying it through query params. Kind of like "login
>>> hint".
>>>
>>> So. Easy way, or do I have to extend SAMLIdentityProvider?
>>>
>>> Martin
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>

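For readers following the thread, here is what the resulting AuthnRequest looks like on the wire, as an added example that is not code from Keycloak or from anyone in this thread. It builds the request with the standard library rather than Keycloak's SAML2AuthnRequestBuilder; the `urn:example:idp:ext` namespace, the `LoginHint` element and the function names are assumptions, since the IdP's real extension schema is not given here.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
EXT = "urn:example:idp:ext"  # hypothetical extension namespace (assumption)
COMPARISONS = {"exact", "minimum", "maximum", "better"}  # values allowed by SAML core

for _prefix, _uri in (("samlp", SAMLP), ("saml", SAML), ("ext", EXT)):
    ET.register_namespace(_prefix, _uri)


def build_authn_request(issuer, destination, class_refs,
                        comparison="exact", login_hint=None):
    """Return an AuthnRequest element with RequestedAuthnContext and Extensions."""
    if not class_refs:
        raise ValueError("RequestedAuthnContext needs at least one class reference")
    if comparison not in COMPARISONS:
        raise ValueError("invalid Comparison value: %r" % (comparison,))
    req = ET.Element("{%s}AuthnRequest" % SAMLP, {
        "ID": "_" + uuid.uuid4().hex,  # xs:ID must not start with a digit
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
    })
    ET.SubElement(req, "{%s}Issuer" % SAML).text = issuer
    # Schema order matters: Issuer, Extensions, ..., RequestedAuthnContext.
    if login_hint is not None:
        ext = ET.SubElement(req, "{%s}Extensions" % SAMLP)
        # Set as element text so the serializer escapes markup in the hint.
        ET.SubElement(ext, "{%s}LoginHint" % EXT).text = login_hint
    rac = ET.SubElement(req, "{%s}RequestedAuthnContext" % SAMLP,
                        {"Comparison": comparison})
    for ref in class_refs:
        ET.SubElement(rac, "{%s}AuthnContextClassRef" % SAML).text = ref
    return req


def requested_class_refs(req):
    """Read back the class references carried by an AuthnRequest element."""
    path = "{%s}RequestedAuthnContext/{%s}AuthnContextClassRef" % (SAMLP, SAML)
    return [e.text for e in req.findall(path)]


if __name__ == "__main__":
    # Constructed sample values; the endpoints are placeholders.
    demo = build_authn_request(
        "https://sp.example/realms/demo", "https://idp.example/sso",
        ["urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"],
        login_hint="alice")
    print(ET.tostring(demo, encoding="unicode"))
```
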