[keycloak-dev] Fwd: Add SAML Extensions (and AuthContext) as another client note to the AuthenticationSessionModel in SamlService

Roland contributing.to.keycloak at gmail.com
Mon Jun 24 01:54:58 EDT 2019


Any remarks on this? Did anyone get the chance to take a look? Stian?

Thanks!
Roland

---------- Forwarded message ---------
From: Roland <contributing.to.keycloak at gmail.com>
Date: Wed., 19 June 2019 at 14:04
Subject: Add SAML Extensions (and AuthContext) as another client note to the AuthenticationSessionModel in SamlService
To: <keycloak-dev at lists.jboss.org>


Hello,

when a SAML Request is received in Keycloak, the method loginRequest in
abstract class BindingProtocol in class
org.keycloak.protocol.saml.SamlService puts the information from the request
into the AuthenticationSessionModel in this section of code:

            authSession.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
            authSession.setRedirectUri(redirect);
            authSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
            authSession.setClientNote(SamlProtocol.SAML_BINDING, bindingType);
            authSession.setClientNote(GeneralConstants.RELAY_STATE, relayState);
            authSession.setClientNote(SamlProtocol.SAML_REQUEST_ID, requestAbstractType.getID());

What we are missing here are the SAML Extensions, which happen to be in the
SAML Request which we receive, and which we want to pass on to a brokered
external Identity Provider.

For example something like this:

            ExtensionsType et = requestAbstractType.getExtensions();

            List<Object> list = et.getAny();
            <create some kind of String representation>
            authSession.setAuthNote("SAML_EXTENSION", <the String representation>);

In the same way we would also like access to the AuthContext through the
authSession.

I would offer to contribute this if the community approves the idea.

Thanks and Regards,
Roland
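One concrete shape the proposed "String representation" could take, as an added example that is neither Roland's code nor part of Keycloak: the Extensions children are serialized as XML fragments and stored as a client note beside SAML_BINDING, RELAY_STATE and SAML_REQUEST_ID. It assumes that ExtensionsType.getAny() yields org.w3c.dom.Element instances and that the note name SAML_EXTENSIONS is a new constant chosen here, not an existing SamlProtocol field.

```java
import java.io.StringWriter;
import java.util.List;

import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;

import org.keycloak.dom.saml.v2.protocol.ExtensionsType;
import org.keycloak.dom.saml.v2.protocol.RequestAbstractType;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.w3c.dom.Element;

public final class SamlExtensionsNote {

    /** Hypothetical note name chosen for this example; not an existing SamlProtocol constant. */
    public static final String SAML_EXTENSIONS = "SAML_EXTENSIONS";

    private SamlExtensionsNote() {}

    /** Stores the request's Extensions (if present) on the auth session; returns the note value or null. */
    public static String storeExtensions(RequestAbstractType request,
                                         AuthenticationSessionModel authSession) throws Exception {
        ExtensionsType et = request.getExtensions();
        if (et == null || et.getAny().isEmpty()) {
            return null;                      // nothing to carry over to the brokered IdP
        }
        String xml = serialize(et.getAny());
        // Client notes are per-client state of this login attempt, the same place
        // SamlService already keeps SAML_BINDING and RELAY_STATE.
        authSession.setClientNote(SAML_EXTENSIONS, xml);
        return xml;
    }

    /** Concatenates each extension element as a standalone XML fragment (no XML declaration). */
    static String serialize(List<Object> any) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        for (Object o : any) {
            // Assumption: the SAML parser kept each child as a DOM Element; anything else is skipped.
            // The content originates from the requesting SP, so treat it as untrusted when re-emitting it.
            if (o instanceof Element) {
                t.transform(new DOMSource((Element) o), new StreamResult(out));
            }
        }
        return out.toString();
    }
}
```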

