Set requestedAuthnContext to null

This topic contains 2 replies, has 2 voices, and was last updated by annouar 1 week, 2 days ago.

#15855
annouar (Participant)

Hello everyone!

I am trying to implement an IdP Proxy that lets the user choose the IdP he wants to use. To do this, I have partly followed this guide: https://wikis.forgerock.org/confluence/display/openam/SAMLv2+IDP+Proxy+Part+2.+Using+an+IDP+Finder+and+LOAs. Only partly, because I do not want to use LOA for now: I only want to display all IdPs linked to my IdP Proxy.

My config is the following:
    SP (machinea.sp.com:8080)
    |
    IdP Proxy (machineb.idpproxy.com:8080)
    |
    IdP 1 (clienta.idp.com:8080)

After setting all the configuration, I initiate SSO with the call:
http://machinea.sp.com:8080/openam/saml2/jsp/spSSOInit.jsp?metaAlias=/sp&idpEntityID=http://machineb.idpproxy.com:8080/openam&NameIDFormat=transient
but it redirects me to my IdP Proxy login page. I followed the Federation debug file and I’ve found:

    libSAML2:02/17/2017 11:26:11:074 AM UTC: Thread[http-nio-8080-exec-1,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-243]
    SAML2IDPPRoxyFRImpl.selectIdPBasedOnLOA: No extensions found for IdP http://clienta.idp.com:8080/openam

I’ve also found, in src/main/java/com/sun/identity/saml2/plugins/SAML2IDPProxyFRImpl.java (the implementation I am using), the function selectIDPBasedOnLOA and the code path I want to go into:

               RequestedAuthnContext requestedAuthnContext = authnRequest.getRequestedAuthnContext();
               if (requestedAuthnContext == null) {
                   //Handle the special case when the original request did not contain any Requested AuthnContext:
                   //In this case we just simply return all the IdPs as each one should support a default AuthnContext.
                   return StringUtils.join(idpList, " ");
               }

So I need to set requestedAuthnContext to null to go in. Any idea?

Thank you!
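As an added illustration (not the thread's or OpenAM's code), the following Python checks a SAML AuthnRequest for the RequestedAuthnContext element that drives the branch quoted above and mirrors the fall-through: no element means every IdP is offered. The AuthnRequest messages, the second IdP entity ID and the per-IdP class sets are constructed, and the matching step is a simplified stand-in for OpenAM's LOA/extension lookup, not its real logic.

```python
"""Added example: why the 'return all IdPs' branch of selectIdPBasedOnLOA is only
taken when the SP's AuthnRequest carries no <RequestedAuthnContext>."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

# Constructed AuthnRequest as an SP sends it while "Default Authentication
# Context" is still set (here: PasswordProtectedTransport).
REQUEST_WITH_CONTEXT = f"""<samlp:AuthnRequest xmlns:samlp="{NS['samlp']}"
  xmlns:saml="{NS['saml']}" ID="_c1" Version="2.0" IssueInstant="2017-02-17T11:26:11Z">
  <saml:Issuer>http://machinea.sp.com:8080/openam</saml:Issuer>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>{PPT}</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

# Constructed AuthnRequest after the setting is changed to "none": no element.
REQUEST_WITHOUT_CONTEXT = f"""<samlp:AuthnRequest xmlns:samlp="{NS['samlp']}"
  xmlns:saml="{NS['saml']}" ID="_c2" Version="2.0" IssueInstant="2017-02-17T11:26:11Z">
  <saml:Issuer>http://machinea.sp.com:8080/openam</saml:Issuer>
</samlp:AuthnRequest>"""

# Constructed view of the proxy's IdP list: clienta advertises no classes,
# matching the "No extensions found" debug line; the second IdP is hypothetical.
IDPS = {
    "http://clienta.idp.com:8080/openam": set(),
    "http://idp2.example.com/openam": {PPT},
}


def requested_classes(authn_request_xml):
    """Requested AuthnContextClassRef URIs, or None when the request has no
    RequestedAuthnContext (the requestedAuthnContext == null case)."""
    root = ET.fromstring(authn_request_xml)
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None
    return [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS)]


def select_idps(authn_request_xml, idps):
    """Space-separated entity IDs, as the quoted StringUtils.join does: every IdP
    when nothing is requested, otherwise only IdPs advertising a wanted class
    (simplified stand-in for the LOA/extension check)."""
    wanted = requested_classes(authn_request_xml)
    if wanted is None:
        return " ".join(idps)
    return " ".join(idp for idp, classes in idps.items() if set(wanted) & classes)
```

With the context present, clienta drops out of the list, which is the symptom in the thread; with it absent, both IdPs are offered.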

#15862
Peter Major (Moderator)

    You may find it easier to use my demo impl instead:
    https://github.com/aldaris/irmsummit-idpproxy-demo

If you want to go with OOTB stuff, then go to the hosted SP settings and change the “Default Authentication Context” setting to “—– none —–”.

That should do it.

#16289
annouar (Participant)

    Hey Peter,

Thank you for your answer, it was very helpful!

However, I got some trouble with https://github.com/aldaris/irmsummit-idpproxy-demo. Actually, I’m trying to compile it (with a mvn package command), and an error is returned. It seems that we need an account on http://maven.forgerock.org/repo/releases to collect the project dependencies.

    Annouar.


©2017 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.