[keycloak-user] SAML AuthnContext

Muein Muzamil shmuein+keycloak-dev at gmail.com
Wed Feb 1 12:15:32 EST 2017


Added Jira ticket for this: https://issues.jboss.org/browse/KEYCLOAK-4365

On Mon, Jan 30, 2017 at 3:13 AM, Hynek Mlnarik <hmlnarik at redhat.com> wrote:

> Keycloak always returns urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
> AuthnContextClassRef unless AuthnStatement inclusion is disabled. If you
> need to handle authncontext properly, please open a JIRA feature request.
>
> --Hynek
>
> On 01/27/2017 12:21 AM, Muein Muzamil wrote:
> > Hi all,
> >
> > We are trying to configure OpenAM as a SAML client with Keycloak. As part
> > of the SAML request it sends the PasswordProtectedTransport AuthnContext
> > (as shown below), and it expects this back as part of the SAML response.
> >
> > <samlp:RequestedAuthnContext
> >     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">
> >   <saml:AuthnContextClassRef
> >       xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
> > </samlp:RequestedAuthnContext>
> >
> >
> > Currently, Keycloak always returns unspecified as the AuthnContext. Is
> > there any way to return the AuthnContext that Keycloak received in the
> > request?
> > <saml:AuthnContext>
> >   <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
> > </saml:AuthnContext>
> >
> > Regards,
> > Muein
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >


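Added example (not part of the thread, and not Keycloak or OpenAM code): a service-provider-side check of the returned AuthnContextClassRef against a RequestedAuthnContext with Comparison="exact", showing why the unspecified value described above fails the comparison. The XML samples and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# Constructed sample modelled on the request fragment quoted in the thread.
REQUEST = f"""<samlp:RequestedAuthnContext xmlns:samlp="{SAMLP}"
    xmlns:saml="{SAML}" Comparison="exact">
  <saml:AuthnContextClassRef>{AC}PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>"""

def authn_statement(class_ref):
    """Build a constructed AuthnStatement carrying the given class reference."""
    return (f'<saml:AuthnStatement xmlns:saml="{SAML}"><saml:AuthnContext>'
            f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
            "</saml:AuthnContext></saml:AuthnStatement>")

def class_refs(xml_text):
    # Samples here are constructed and trusted. A real response must pass
    # signature validation and a hardened XML parser before this step.
    root = ET.fromstring(xml_text)
    return [(el.text or "").strip()
            for el in root.iter(f"{{{SAML}}}AuthnContextClassRef")]

def check_exact(request_xml, response_xml):
    """Return (ok, reason) for a request that uses Comparison="exact"."""
    # SAML core: Comparison defaults to "exact" when the attribute is omitted.
    comparison = ET.fromstring(request_xml).get("Comparison", "exact")
    if comparison != "exact":
        raise ValueError(f"only exact comparison is handled, got {comparison!r}")
    requested = class_refs(request_xml)
    returned = class_refs(response_xml)
    if not returned:  # e.g. AuthnStatement inclusion disabled at the IdP
        return False, "response carries no AuthnContextClassRef"
    if returned[0] in requested:
        return True, f"matched {returned[0]}"
    return False, f"returned {returned[0]}, requested {requested}"

if __name__ == "__main__":
    for ref in ("unspecified", "PasswordProtectedTransport"):
        print(ref, "->", check_exact(REQUEST, authn_statement(AC + ref)))
    bare = f'<saml:Assertion xmlns:saml="{SAML}"/>'
    print("no AuthnStatement ->", check_exact(REQUEST, bare))
```
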