- Type: Bug
- Status: Resolved
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: 11.0.3, 12.0.1, 13.0.0
- Fix Version/s: 13.0.0
- Component/s: documentation, SAML
- Labels:
Adding custom authentication contexts to a hosted IDP/SP has always been possible, but before OPENAM-2238, any changes saved via the console would wipe out the custom contexts in the extended metadata.
Custom contexts loaded via ssoadm as part of the hosted IDP/SP extended metadata are now preserved when saves are made in the console. Any custom authentication contexts loaded via ssoadm are also visible in the console.
Example custom entries in the idpAuthncontextClassrefMapping element of the extended metadata for a hosted IDP:
<Attribute name="idpAuthncontextClassrefMapping">
    <Value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|1||default</Value>
    <Value>http://idmanagement.gov/ns/assurance/loa/4|4||</Value>
    <Value>http://idmanagement.gov/ns/assurance/loa/3|3||</Value>
    <Value>http://idmanagement.gov/ns/assurance/loa/2|2||</Value>
    <Value>http://idmanagement.gov/ns/assurance/loa/1|1||</Value>
</Attribute>
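A check an administrator could run on two exports of the extended metadata, taken before and after a console save, to confirm that no custom context was dropped. This is an added example, not code from OpenAM or from this issue; the field names (class reference, level, scheme, default flag) are assumptions read off the four `|`-separated positions in the values above, and both XML samples are constructed.

```python
import xml.etree.ElementTree as ET

ATTR = "idpAuthncontextClassrefMapping"

# Constructed sample: the mapping as loaded via ssoadm (values from the page).
BEFORE = """<Attribute name="idpAuthncontextClassrefMapping">
<Value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|1||default</Value>
<Value>http://idmanagement.gov/ns/assurance/loa/4|4||</Value>
<Value>http://idmanagement.gov/ns/assurance/loa/3|3||</Value>
<Value>http://idmanagement.gov/ns/assurance/loa/2|2||</Value>
<Value>http://idmanagement.gov/ns/assurance/loa/1|1||</Value>
</Attribute>"""

# Constructed sample: an export in which a console save dropped the custom entries.
AFTER = """<Attribute name="idpAuthncontextClassrefMapping">
<Value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|1||default</Value>
</Attribute>"""

def local(tag):
    """Strip an XML namespace so namespaced exports parse the same way."""
    return tag.rsplit("}", 1)[-1]

def parse_mappings(xml_text):
    """Return {class_ref: (level, scheme, is_default)}; field names are assumed."""
    mappings = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "Attribute" or el.get("name") != ATTR:
            continue
        for value in el:
            if local(value.tag) != "Value":
                continue
            fields = (value.text or "").strip().split("|")
            if len(fields) != 4:
                raise ValueError(f"expected 4 '|'-separated fields: {value.text!r}")
            class_ref, level, scheme, default = fields
            mappings[class_ref] = (int(level), scheme, default == "default")
    return mappings

def lost_contexts(before_xml, after_xml):
    """Class refs present before a console save but missing afterwards."""
    after = parse_mappings(after_xml)
    return sorted(ref for ref in parse_mappings(before_xml) if ref not in after)

if __name__ == "__main__":
    for ref in lost_contexts(BEFORE, AFTER):
        print("lost after save:", ref)
```

An empty result from `lost_contexts` means every context in the first export is still present in the second.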