[keycloak-user] SAML2.0 Identity Provider modify authn context / extensions
Martin Hardselius
martin.hardselius at gmail.com
Fri Feb 24 09:36:32 EST 2017
FYI to anyone else doing stuff related to this.
I also needed to add custom authn context class references and ended up
re-implementing the SAML2AuthnRequestBuilder. Basically copy-pasting the
old one and adding the methods required to add stuff to the
RequestedAuthnContextType.
Martin
On Fri, 24 Feb 2017 at 08:43 Martin Hardselius <martin.hardselius at gmail.com>
wrote:
> Got it, thanks!
>
> On Fri, 24 Feb 2017 at 08:30 Hynek Mlnarik <hmlnarik at redhat.com> wrote:
>
> The latter, you need to extend SAMLIdentityProvider. I'd suggest adding
> extensions to the AuthnRequest via SAML2AuthnRequestBuilder.addExtension()
> method rather than supplying query params for the sake of simplicity.
>
> --Hynek
>
> On 02/23/2017 05:17 PM, Martin Hardselius wrote:
> > Hi,
> >
> > Is there an easy way to add stuff to the authn context or add extensions
> to
> > the AuthN request? Or even add query parameters to the destination url?
> >
> > Context:
> >
> > The SAML2.0 Provider I'm integrating with supports several auth methods.
> > Usually you would end up on a method select page, where the options are
> > presented to you, once you've been forwarded to the IDP. They do however
> > support selecting an option directly by modifying the authncontext. They
> > also support prefilling information by adding extensions to the authn
> > request or adding supplying it through query params. Kind of like "login
> > hint".
> >
> > So. Easy way, or do I have to extend SAMLIdentityProvider?
> >
> > Martin
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
>
More information about the keycloak-user
mailing list