Sorry if I'm being pushy, I would like to ask again how it is possible to insert the keys saml2p:RequestedAuthnContext and saml2p:NameIDPolicy in the SAML request.

Thank you,
Giacomo

On Fri, 26 Mar 2021 at 15:56, Giacomo Sommavilla <[email protected]> wrote:

> Hi everybody,
>
> I am making some progress in building an Apereo CAS demo server with
> delegated authentication with SAML2 (for integrating with Italian SPID
> system).
>
> I am testing against a test IDP instance. I have been able to
> generate a compliant SP metadata file (although with some manual
> editing).
>
> Now the test IDP instance is complaining about the
> SAML AuthnRequest that it is receiving from my delegated CAS.
>
> In particular, the AuthnRequest lacks these two keys:
>
> AuthnRequest/NameIDPolicy required key not provided
> AuthnRequest/RequestedAuthnContext required key not provided
>
> For reference, the keys should look like this:
>
> <saml2p:NameIDPolicy AllowCreate="false"
>     Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
> <saml2p:RequestedAuthnContext Comparison="exact">
>   <saml2:AuthnContextClassRef
>       xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
>   <saml2:AuthnContextClassRef
>       xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword</saml2:AuthnContextClassRef>
>   <saml2:AuthnContextClassRef
>       xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard</saml2:AuthnContextClassRef>
> </saml2p:RequestedAuthnContext>
>
> How can I configure the server to include "NameIDPolicy" and
> "RequestedAuthnContext" keys in the request?
>
> Thanks and regards,
> Giacomo
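
Added example, not part of the original message and not CAS code: a local check that reproduces the two complaints quoted above, so an AuthnRequest captured from the SP can be tested before it is sent to the IdP. The function names, the sample requests and the issuer URL are constructed for illustration; the input is assumed to be the URL-decoded SAMLRequest parameter of the HTTP-Redirect binding.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_redirect(saml_request):
    """Decode a URL-decoded SAMLRequest value: base64 over raw DEFLATE."""
    return zlib.decompress(base64.b64decode(saml_request), -15).decode("utf-8")

def encode_redirect(xml_text):
    """Inverse of decode_redirect; used here only to build the sample input."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml_text.encode("utf-8")) + c.flush()).decode()

def check_authn_request(xml_text):
    """Return the list of missing or empty elements, worded like the IdP's errors."""
    # Meant for requests produced by your own SP; use a hardened parser
    # such as defusedxml if the XML comes from an untrusted party.
    root = ET.fromstring(xml_text)
    problems = []
    policy = root.find("saml2p:NameIDPolicy", NS)
    if policy is None:
        problems.append("AuthnRequest/NameIDPolicy required key not provided")
    elif not policy.get("Format"):
        problems.append("AuthnRequest/NameIDPolicy has no Format attribute")
    rac = root.find("saml2p:RequestedAuthnContext", NS)
    if rac is None:
        problems.append("AuthnRequest/RequestedAuthnContext required key not provided")
    elif not any((r.text or "").strip() for r in rac.findall("saml2:AuthnContextClassRef", NS)):
        problems.append("AuthnRequest/RequestedAuthnContext has no AuthnContextClassRef")
    return problems

# Constructed sample requests (ID, timestamp and issuer are placeholders).
HEAD = ('<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
        'Version="2.0" IssueInstant="2021-03-26T15:00:00Z">'
        '<saml2:Issuer>https://sp.example.org</saml2:Issuer>')
BARE = HEAD + '</saml2p:AuthnRequest>'
COMPLETE = HEAD + (
    '<saml2p:NameIDPolicy AllowCreate="false" '
    'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>'
    '<saml2p:RequestedAuthnContext Comparison="exact"><saml2:AuthnContextClassRef>'
    'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
    '</saml2:AuthnContextClassRef></saml2p:RequestedAuthnContext></saml2p:AuthnRequest>')

if __name__ == "__main__":
    for name, doc in (("bare", BARE), ("complete", COMPLETE)):
        print(name, check_authn_request(decode_redirect(encode_redirect(doc))))
```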
