When returning AuthLevel as an attribute in an assertion, OpenAM (as IdP) sometimes returns a non-integer value. This was observed in the context of session upgrade to a higher level of assurance.
The scenario can be reproduced with these steps:
- Create an SP: http://sp.example.com:38080/openam
- Create an IdP: http://idp.example.net:28080/openam
- Make HTTP-POST the default so you can see the SAML Response in SAML Tracer
- Create a chain chain2 with an authentication module of auth level 2
- In IdP > Assertion Content > Authentication Context, select both Password and PasswordProtectedTransport; for Password, select Key: Service, Value: chain2, Level: 2
- In IdP > Assertion Processing > Attribute Map, insert authevel=AuthLevel
- Initiate SP federation with:
You should see in the assertion the following attribute:
- Initiate SP federation again (don't clear the browser) with:
You should see in the assertion:
Instead, it returns the following in the assertion (with the realm in front of the AuthLevel value):
The same error was observed in a subrealm.
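
An SP that uses this attribute for step-up decisions should parse it strictly and fail closed when the value is not a plain integer. The following is an added example, not code from OpenAM or from the original report; the sample attribute statements, the `/:2` realm-prefixed format and the function names are constructed assumptions, and signature validation of the assertion is assumed to have happened already.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
# ASCII digits only: int() alone would also accept "+2", " 2 " or Unicode digits.
STRICT_INT = re.compile(r"[0-9]{1,4}")


def make_statement(value, name="authevel"):
    """Build a constructed AttributeStatement for the examples below."""
    return (
        f'<saml:AttributeStatement xmlns:saml="{SAML_NS}">'
        f'<saml:Attribute Name="{name}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue>"
        "</saml:Attribute></saml:AttributeStatement>"
    )


# Constructed samples. "/:2" stands in for a realm-prefixed value; the exact
# format OpenAM emits is an assumption, the report does not show it.
FIRST_LOGIN = make_statement("2")
AFTER_UPGRADE = make_statement("/:2")


def auth_level(statement_xml, attr_name="authevel"):
    """Return the AuthLevel as int, or None if absent, repeated or malformed."""
    root = ET.fromstring(statement_xml)
    values = [
        (v.text or "")
        for a in root.findall("saml:Attribute", NS)
        if a.get("Name") == attr_name
        for v in a.findall("saml:AttributeValue", NS)
    ]
    if len(values) != 1:  # missing or ambiguous: do not guess
        return None
    if not STRICT_INT.fullmatch(values[0]):
        return None  # e.g. a realm-prefixed value; never strip and retry
    return int(values[0])


def allow_step_up(statement_xml, required_level):
    """Fail closed: a value that cannot be parsed never satisfies a level."""
    level = auth_level(statement_xml)
    return level is not None and level >= required_level
```

Logging the rejected raw value on the SP side makes this IdP behaviour visible instead of surfacing as an unexplained access denial.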