[keycloak-user] SAML AuthnContext
Hynek Mlnarik
hmlnarik at redhat.com
Mon Jan 30 04:13:05 EST 2017
Keycloak always returns urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified AuthnContextClassRef unless AuthnStatement inclusion is disabled. If you need to handle authncontext properly, please open a JIRA feature request.
--Hynek
On 01/27/2017 12:21 AM, Muein Muzamil wrote:
> Hi all,
>
> We are trying to configure OpenAM as a SAML client with KeyCloak. As part of
> the SAML request, it sends a PasswordProtectedTransport AuthnContext (as shown
> below), and it expects this back as part of the SAML response.
>
> <samlp:RequestedAuthnContext
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">
> <saml:AuthnContextClassRef
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
> </samlp:RequestedAuthnContext>
>
>
> Currently, KeyCloak always returns unspecified as the AuthnContext. Is there
> any way to return the AuthnContext that KeyCloak received in the request?
> <saml:AuthnContext>
> <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
> </saml:AuthnContext>
>
> Regards,
> Muein
>
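The mismatch discussed in this thread, as an added example that is not part of the original messages and is not Keycloak or OpenAM code: a sketch of the check a service provider applies when it sent `Comparison="exact"`. The function names and the XML fragments are constructed for illustration, and the code assumes the message signature has already been verified.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# Constructed fragment modelled on the thread; real requests carry more elements.
REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>{AC}PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

def response_with(class_ref):
    # Constructed assertion carrying a single AuthnStatement (hypothetical helper).
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:AuthnStatement><saml:AuthnContext>
    <saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
</saml:Assertion>"""

def requested_context(authn_request_xml):
    """Return (comparison, [class refs]), or (None, []) if nothing was requested."""
    root = ET.fromstring(authn_request_xml)
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None, []
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    # SAML 2.0 Core: Comparison defaults to "exact" when the attribute is omitted.
    return rac.get("Comparison", "exact"), refs

def asserted_contexts(assertion_xml):
    """Return the class refs of every AuthnStatement in the assertion."""
    root = ET.fromstring(assertion_xml)
    path = "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef"
    return [e.text.strip() for e in root.findall(path, NS) if e.text]

def satisfies_request(authn_request_xml, assertion_xml):
    comparison, wanted = requested_context(authn_request_xml)
    if comparison is None:
        return True  # the SP asked for nothing, so any context is acceptable
    if comparison != "exact":
        raise ValueError("minimum/better/maximum need a deployment-defined ordering")
    got = asserted_contexts(assertion_xml)
    # Strict reading: a missing AuthnStatement also fails an explicit request.
    return bool(got) and all(ref in wanted for ref in got)
```

With these fragments, an assertion carrying the `unspecified` class fails the check, while one echoing `PasswordProtectedTransport` passes.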