How to set up my IDP - SSO - RequestedAuthnContext

Dimitri Destin
Tera Guru

Hi all,

I can't find where I can set up the RequestedAuthnContext attribute in the IDP settings.

I need to send this from our instance:

<samlp:RequestedAuthnContext Comparison="minimum" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:be:XXX:iam:fas:citizen:XXX</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>

I can't find anywhere in the IDP settings where and how I can enter Comparison="minimum".
When I test a connection, it works, but by default the SAML sends Comparison="exact".

Create AuthnContextClass is set to True
Force AuthnRequest is set to True

Can you help me?

Thank you in advance.

6 REPLIES

Hi,

Your post is very helpful for me, but I'm not able to set an attribute on the root element "saml2p:AuthnRequest".

What I need to do is to set the attribute AttributeConsumingServiceIndex in the SAML request, as per the example below:

<saml2p:AuthnRequest
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="https://myinstance/navpage.do"
Destination="https://myinstance/samlsso"
ForceAuthn="true"
AttributeConsumingServiceIndex="0"
ID="SNC0967b242014a1e019a13a899f66a1281"
IsPassive="false"
IssueInstant="yyyy-mm-ddThh:mm:ss.mmmZ"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ProviderName="https://myinstance/navpage.do"
Version="2.0"
>

Using getChildNodes() I'm not able to set any attribute related to the root node element saml2p:AuthnRequest

Do you have any suggestion?

Thank you in advance

Hi Guiseppe,

Following the documentation https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0778203, I think you can do this by editing the custom script with:

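getAuthnOptions : function() {
    // Options object returned to the caller
    var authGenerationOptions = {};
    // Only set the index when this is a SAML test connection
    if (this.isTestSAMLConnection()) {
        authGenerationOptions.assertionConsumerServiceIndex = 0;
    }
    return authGenerationOptions;
},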
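
To confirm what the instance actually puts in the AuthnRequest (the Comparison value from the original question and the AttributeConsumingServiceIndex attribute from the first reply), the SAMLRequest parameter captured from a browser trace can be decoded and inspected. This is an added example, not part of the thread or ServiceNow code; the function names and the sample request are constructed for illustration, and the parameter is assumed to be URL-decoded already.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml_request(value: str) -> bytes:
    """Decode an already URL-decoded SAMLRequest parameter to XML bytes."""
    raw = base64.b64decode(value, validate=True)
    try:
        return zlib.decompress(raw, -15)   # HTTP-Redirect: raw DEFLATE
    except zlib.error:
        return raw                         # HTTP-POST: base64 only

def inspect_authn_request(xml: bytes) -> dict:
    """Report the AuthnRequest fields discussed in this thread."""
    if b"<!DOCTYPE" in xml:                # SAML messages never need a DTD
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    rac = root.find("samlp:RequestedAuthnContext", NS)
    refs = [] if rac is None else [
        (e.text or "").strip()
        for e in rac.findall("saml:AuthnContextClassRef", NS)]
    return {
        "force_authn": root.get("ForceAuthn"),
        "attribute_consuming_service_index":
            root.get("AttributeConsumingServiceIndex"),
        # SAML 2.0 core: an omitted Comparison is treated as "exact".
        "comparison": None if rac is None else rac.get("Comparison", "exact"),
        "class_refs": refs,
    }

# Constructed sample (not a real capture); values mirror the thread's placeholders.
SAMPLE = (b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          b'ID="_constructed" Version="2.0" ForceAuthn="true" '
          b'AttributeConsumingServiceIndex="0">'
          b'<samlp:RequestedAuthnContext Comparison="minimum">'
          b'<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
          b'urn:be:XXX:iam:fas:citizen:XXX</saml:AuthnContextClassRef>'
          b'</samlp:RequestedAuthnContext></samlp:AuthnRequest>')

def redirect_encode(xml: bytes) -> str:
    """Helper for the sample: raw DEFLATE + base64, as HTTP-Redirect does."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml) + c.flush()).decode()

if __name__ == "__main__":
    print(inspect_authn_request(decode_saml_request(redirect_encode(SAMPLE))))
```

A result of "exact" for the comparison field means either the attribute was sent with that value or it was omitted, since both are treated the same by the identity provider.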