Keycloak always returns urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
AuthnContextClassRef unless AuthnStatement inclusion is disabled. If you need to handle
authncontext properly, please open a JIRA feature request.
--Hynek
On 01/27/2017 12:21 AM, Muein Muzamil wrote:
Hi all,
We are trying to configure OpenAM as SAML client with KeyCloak, as part of
SAML request it sends PasswordProtectedTransport AuthnContext (as shown
below) and it expects this back as part of SAML response.
<samlp:RequestedAuthnContext
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"Comparison="exact">
<saml:AuthnContextClassRef
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
Currently, KeyCloak always returns unspecified as AuthnContext, is there
any way to return back AuthnContext what KeyCloak received in the request?
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
Regards,
Muein
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user