How to set up my IDP - SSO - RequestedAuthnContext

Dimitri Destin
Tera Guru

Hi all,

I can't find where I can set up the RequestedAuthnContext attribute in the IDP settings.

I need to send this from our instance:

<samlp:RequestedAuthnContext Comparison="minimum" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:be:XXX:iam:fas:citizen:XXX</saml:AuthnContextClassRef> </samlp:RequestedAuthnContext>


I can't find anywhere in the IDP settings where and how I can enter Comparison="minimum".
When I test a connection, it works, but by default the SAML request sends Comparison="exact".

Create AuthnContextClass is set to True
Force AuthnRequest is set to True

Can you help me?

Thank you in advance.


Allen Andreas
Administrator

Hi,

Please insert what you need to pass in this section and notice these settings I've identified:

find_real_file.png

Please mark reply as Helpful/Correct, if applicable. Thanks!


Hi,

 

Thank you for your help.

In this field I inserted urn:be:XXX:iam:fas:citizen:XXX, but I need to know where and how to insert Comparison="minimum".

I need to get this:

<samlp:RequestedAuthnContext Comparison="minimum" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:be:XXX:iam:fas:citizen:XXX</saml:AuthnContextClassRef> </samlp:RequestedAuthnContext>

and now I get:

<saml2p:RequestedAuthnContext Comparison="exact"> <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:be:XXXiam:fas:citizen:XXX</saml2:AuthnContextClassRef> </saml2p:RequestedAuthnContext> </saml2p:AuthnRequest>

 

 

Regards,

Dimitri Destin
Tera Guru

<samlp:RequestedAuthnContext Comparison="minimum" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:be:XXX:iam:fas:citizen:XXX</saml:AuthnContextClassRef> </samlp:RequestedAuthnContext>

It is easy to add urn:be:XXX:iam:fas:citizen:XXX.

But the RequestedAuthnContext is not a setting in the IDP form.

I think that I have to adapt and customize an SSO script, but I can't find where.

 

Note that we use the latest Multi SSO SAML 2 = MultiSSOv2_SAML2_custom

 

 

 

Dimitri Destin
Tera Guru

I found the solution and I'm posting it here to help other people with the same problem.

We use the latest MultiSSOV2, so we have to customize the SSO following this article:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0778203

In our instance, I have modified the SAML custom script, SAML2_custom, by adding this function:

 

    customizeAuthnRequest: function() {

        //Customization through Request DOM Element
        // Get the AuthnRequest that the platform generated, as a DOM element
        var xmlRequestElement = this.glidesaml2api.getGeneratedReqElemDOM();
        var nodeList = xmlRequestElement.getChildNodes();
        var RequestedAuthnContextElement = null;
        // Look for the RequestedAuthnContext child (matched on its prefixed node name)
        for (var i = 0; i < nodeList.getLength(); i++) {
            if ("saml2p:RequestedAuthnContext".equalsIgnoreCase(nodeList.item(i).getNodeName())) {
                RequestedAuthnContextElement = nodeList.item(i);
                break;
            }
        }
        // Override the default Comparison="exact" only when the element is present
        if (RequestedAuthnContextElement != null) {
            RequestedAuthnContextElement.setAttribute("Comparison", "minimum");
        }
        // Hand the modified request back so it is the one that gets sent
        this.glidesaml2api.setCustomizedReqElemDOM(xmlRequestElement);

    },
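
To confirm on the wire that the customization above took effect, the SAMLRequest value sent to the IdP can be decoded and its RequestedAuthnContext inspected. This Python sketch is an added example, not part of the thread or of ServiceNow's code; the function names and the sample request are constructed for illustration, and the class reference is the redacted value shown in the thread.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
CLASS_REF = "urn:be:XXX:iam:fas:citizen:XXX"  # redacted value as shown in the thread

def decode_saml_request(value, redirect_binding=True):
    raw = base64.b64decode(value)  # value is the URL-decoded SAMLRequest parameter
    # HTTP-Redirect adds raw DEFLATE (wbits=-15); HTTP-POST is base64 only.
    return zlib.decompress(raw, -15) if redirect_binding else raw

def requested_authn_context(xml_bytes):
    """Return (comparison, [class refs]), or None if the element is absent."""
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DTD not allowed in a SAML message")
    rac = ET.fromstring(xml_bytes).find("{%s}RequestedAuthnContext" % SAMLP)
    if rac is None:
        return None
    # SAML 2.0 core: an omitted Comparison attribute means "exact".
    comparison = rac.get("Comparison", "exact")
    refs = [e.text.strip() for e in rac.findall("{%s}AuthnContextClassRef" % SAML) if e.text]
    return comparison, refs

def check(value, want_comparison, want_ref, redirect_binding=True):
    """Return a list of mismatches; an empty list means the request is as expected."""
    found = requested_authn_context(decode_saml_request(value, redirect_binding))
    if found is None:
        return ["RequestedAuthnContext missing"]
    comparison, refs = found
    problems = []
    if comparison != want_comparison:
        problems.append("Comparison is %r, expected %r" % (comparison, want_comparison))
    if want_ref not in refs:
        problems.append("class ref %r not requested" % want_ref)
    return problems

def sample_request(comparison):  # constructed AuthnRequest, HTTP-Redirect encoding
    xml = ('<saml2p:AuthnRequest xmlns:saml2p="%s" ID="_constructed" Version="2.0">'
           '<saml2p:RequestedAuthnContext Comparison="%s">'
           '<saml2:AuthnContextClassRef xmlns:saml2="%s">%s</saml2:AuthnContextClassRef>'
           '</saml2p:RequestedAuthnContext></saml2p:AuthnRequest>'
           ) % (SAMLP, comparison, SAML, CLASS_REF)
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(deflater.compress(xml.encode()) + deflater.flush()).decode()

if __name__ == "__main__":
    for c in ("exact", "minimum"):  # request before / after the customization
        print(c, check(sample_request(c), "minimum", CLASS_REF))
```

The lookup is namespace-aware, so it does not depend on the `saml2p:` prefix the way the node-name comparison in the script does.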