  1. OpenAM
  2. OPENAM-10216

IdP-initiated SSO should allow specifying an AuthnContext

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.0.0, 10.0.1, 10.1.0-Xpress, 10.0.2, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 13.0.0, 13.5.0
    • Fix Version/s: None
    • Component/s: SAML

      Description

      Per the SAMLv2 spec, an AuthnContext can only be requested within an AuthnRequest sent by the SP.

      However, in the IdP-initiated case there is no way to trigger a specific authentication chain, module, etc.

      The IdP would use the Default Authentication Context configured for the hosted IdP.

      It would be nice if the IdP-init URLs supported a parameter (AuthnContextClassRef) similar to the SP-init URLs.

      https://backstage.forgerock.com/docs/openam/13.5/admin-guide/chap-federation#spssoinit-parameters
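
The difference the description points out, as an added example (not part of the ticket or OpenAM's code): an SP-initiated AuthnRequest carries a RequestedAuthnContext, while an IdP-initiated response has no request to compare against, so the SP can only apply its own policy to the AuthnContextClassRef it receives. The messages are constructed samples, and `make_response`, `check_response`, `pending` and `sp_allowed` are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
XMLNS = f'xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
SMARTCARD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard"

# Constructed SP-initiated request (signature and other elements omitted).
AUTHN_REQUEST = f"""<samlp:AuthnRequest {XMLNS} ID="_req1" Version="2.0">
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>{SMARTCARD}</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

def make_response(class_ref, in_response_to=None):
    """Constructed Response; an IdP-initiated one carries no InResponseTo."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return f"""<samlp:Response {XMLNS} ID="_resp1" Version="2.0"{irt}>
  <saml:Assertion ID="_a1" Version="2.0"><saml:AuthnStatement><saml:AuthnContext>
    <saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement></saml:Assertion>
</samlp:Response>"""

def requested_classes(authn_request_xml):
    """Class refs the SP asked for, or None if the request names none."""
    rac = ET.fromstring(authn_request_xml).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None
    return {e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS)}

def check_response(response_xml, pending, sp_allowed):
    """Return (flow, accepted). `pending` maps request ID -> requested class
    refs (exact comparison only); `sp_allowed` is a hypothetical SP-local
    allow-list applied when no request exists to compare against.
    Assumes signature and conditions were already validated elsewhere."""
    root = ET.fromstring(response_xml)
    delivered = root.findtext(".//saml:AuthnContextClassRef", "", NS).strip()
    irt = root.get("InResponseTo")
    if irt is None:  # IdP-initiated: the SP never got to request a context
        return ("idp-initiated", delivered in sp_allowed)
    if irt not in pending:
        return ("unknown-request", False)
    wanted = pending[irt]
    return ("sp-initiated", wanted is None or delivered in wanted)
```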


              People

              • Assignee: Unassigned
              • Reporter: bthalmayr Bernhard Thalmayr
              • Votes: 1
              • Watchers: 5