ComponentSpace

Forums



Multiple RequestedAuthnContexts


Multiple RequestedAuthnContexts

Author
Message
lucas
lucas
New Member
New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)

Group: Forum Members
Posts: 12, Visits: 103
Hi,

I'm checking the documentation about AuthnContexts.
In the ComponentSpace.SAML2.SSOOptions I have these attributes:


public string RequestedAuthnContextComparison { get; set; }
public IList<string> RequestedAuthnContexts { get; set; }



As far I understood I can work with more than one RequestedAuthnContexts as that property is a List.
(urn:oasis:names:tcSyntaxEditor Code Snippeturn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos
SyntaxEditor Code Snippetand urn:oasis:names:tc:SAML:2.0:ac:classes: PasswordProtectedTransport[/code], for example).

But I can't set more than one RequestedAuthnContextComparison as that property is a string.

Can I work with more than one RequestedAuthnContexts and differents Comparison?

Thank you very much

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
I'm afraid that isn't supported by the SAML specification.
You can specify one or more authn contexts but only a single comparison.
Quoting from the specification:

If Comparison is set to "exact" or omitted, then the resulting authentication context in the authentication statement MUST be the exact match of at least one of the authentication contexts specified.
If Comparison is set to "minimum", then the resulting authentication context in the authentication statement MUST be at least as strong (as deemed by the responder) as one of the authentication contexts specified.
If Comparison is set to "better", then the resulting authentication context in the authentication statement MUST be stronger (as deemed by the responder) than any one of the authentication contexts specified.
If Comparison is set to "maximum", then the resulting authentication context in the authentication statement MUST be as strong as possible (as deemed by the responder) without exceeding the strength of at least one of the authentication contexts specified.


Regards
ComponentSpace Development
lucas
lucas
New Member
New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)

Group: Forum Members
Posts: 12, Visits: 103
Thank you very much for the fast reply.
I have one more question about the AuthnContexts.

I've been trying to find that "AuthnContexts" information in the MetaData documentation but I can't find.
Is that information in the MetaData? If not, what is the best way to share this information?

Thank you very much.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The SAML metadata specification doesn't support authn contexts.
You would have to share this information in an ad-hoc manner.

Regards
ComponentSpace Development
lucas
lucas
New Member
New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)New Member (16 reputation)

Group: Forum Members
Posts: 12, Visits: 103
Thank you very much.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
You're welcome.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search