  1. OpenAM
  2. OPENAM-17151

Extend the IDPAuthnContextMapper interface to access the http request object


    Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 6.5.2, 7.0.1
    • 6.5.4, 7.1.0
    • SAML
    • AM Sustaining Sprint 81
    • 3

      Description

      At the moment, the IDPAuthnContextMapper has access to the incoming SAML2 AuthnRequest:

      https://backstage.forgerock.com/docs/am/6.5/apidocs/com/sun/identity/saml2/plugins/IDPAuthnContextMapper.html 

      However, in the case of IDP-Initiated SSO, there is no SAML2 AuthnRequest; as a result, the IDP is unaware of the SP involved. The request is to extend the IDPAuthnContextMapper interface and provide access to the HTTP request object, specifically to the #getIDPAuthnContextInfo method.

      The HTTP request object will include the spEntityID as a query parameter, and the IDP can make decisions per SP.

      This will be needed for OPENAM-16541.

              People

              lawrence.yarham Lawrence Yarham
              anastasios.kampas Anastasios Kampas