Custom RequestAuthnContext

Hello,

One of our clients has provided us with what I believe to be a custom RequestAuthnContext. Is there a way to configure this via your component?

I’ve tried setting the RequestedAuthnContext property in the config file to the provided value, but this causes an XML validation error.

Thanks

Neil


Hi Neil,
You can configure an AuthnContext under and this can have a custom value.
The AuthnContext is included as the requested authn context in the authn request to the IdP.
If there’s still an issue, please include a section of SAML configuration showing the problem and the specific XML validation error you see.
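
What the configured value looks like on the wire, and the check a service provider can make on the returned assertion, as an added example that is not part of the original thread and is not ComponentSpace code. The class URI, the sample messages and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed placeholder for a partner-defined class URI (not the value from the thread).
CUSTOM_CLASS = "urn:example:ac:classes:custom-form-login"

# Constructed sample AuthnRequest, trimmed to the elements this check reads.
AUTHN_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_req1" Version="2.0">
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>{CUSTOM_CLASS}</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

def assertion_with(class_ref):
    """Build a constructed sample assertion that reports the given class."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" ID="_a1" Version="2.0">
  <saml:AuthnStatement AuthnInstant="2019-06-25T11:07:35Z">
    <saml:AuthnContext><saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef></saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""

def requested_context(authn_request_xml):
    """Return (comparison, [class refs]) requested by the SP."""
    rac = ET.fromstring(authn_request_xml).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None, []
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    return rac.get("Comparison", "exact"), refs  # "exact" is the default in SAML core

def asserted_context(assertion_xml):
    """Return the class the IdP says it used, or None if it is absent."""
    el = ET.fromstring(assertion_xml).find(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
    return el.text.strip() if el is not None and el.text else None

def context_satisfied(authn_request_xml, assertion_xml):
    """True if the assertion meets the request. Call only after signature validation."""
    comparison, refs = requested_context(authn_request_xml)
    if not refs:
        return True  # the SP did not ask for a particular context
    if comparison != "exact":
        raise ValueError("only Comparison='exact' is handled in this example")
    return asserted_context(assertion_xml) in refs
```
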

[quote]
ComponentSpace - 6/24/2019
Hi Neil,
You can configure an AuthnContext under and this can have a custom value.
The AuthnContext is included as the requested authn context in the authn request to the IdP.
If there's still an issue, please include a section of SAML configuration showing the problem and the specific XML validation error you see.
[/quote]

Thanks, when I set the AuthnContext I receive the following exception:

ComponentSpace.SAML2 Verbose: 0 : 8416/21: 25 Jun 2019 11:07:35: A schema validation error occurred in at line 0, column 0. The 'AuthnContext' attribute is not declared.
ComponentSpace.SAML2 Verbose: 0 : 8416/21: 25 Jun 2019 11:07:35: Exception: ComponentSpace.SAML2.Exceptions.SAMLSchemaValidationException: One or more configuration XML schema validation errors occurred.
ComponentSpace.SAML2 Verbose: 0 : 8416/21: 25 Jun 2019 11:07:35: at ComponentSpace.SAML2.Configuration.SchemaValidator.ValidateConfiguration(XmlDocument xmlDocument)
at ComponentSpace.SAML2.Configuration.SAMLConfigurationFile.Load(String fileName)
at ComponentSpace.SAML2.SAMLController.Initialize()
at ComponentSpace.SAML2.SAMLController.GetCurrentConfiguration()
at ComponentSpace.SAML2.InternalSAMLServiceProvider..ctor()
at BisWeb.ClearView.Web.Security.SSOHelper.CheckSSOLogin(HttpRequest request, HttpResponse response, Boolean isMobile) in D:\a\1\s\BisWeb.ClearView.Web\Security\SSOHelper.cs:line 53
at BisWeb.ClearView.Client.Login.OnLoad(EventArgs e) in D:\a\1\s\BisWeb.ClearView.Client\Login.aspx.cs:line 52
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at BisWeb.ClearView.Web.PageBase.ProcessRequest(HttpContext context) in D:\a\1\s\BisWeb.ClearView.Web\Base\PageBase.cs:line 494
at BisWeb.ClearView.Client.Login.ProcessRequest(HttpContext context) in D:\a\1\s\BisWeb.ClearView.Client\Login.aspx.cs:line 46
at ASP.login_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)


And I'm setting the config as follows; I've used xxx to replace the specific details:


<PartnerIdentityProvider
    Name="xxx"
    UseEmbeddedCertificate="true"
    SingleSignOnServiceUrl="xxx"
    SignAuthnRequest="true"
    WantSAMLResponseSigned="true"
    WantAssertionSigned="true"
    WantAssertionEncrypted="false"
    DigestMethod="http://www.w3.org/2001/04/xmlenc#sha256"
    SignatureMethod="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
    AuthnContext="urn:oasis:names:tc:SAML:2.0:ac:classes:xxx:form:iNetOrgPerson:selectOrgUnit:prod" />


We are running Version 2.6.0.13 of the component.

Thanks

Neil

Hi Neil,
The syntax is correct but I’m afraid v2.6.0.13 doesn’t include this feature. Please contact support@componentspace.com for upgrade options.
Just as a side note in case you weren’t aware, UseEmbeddedCertificate should only be used in test environments. It shouldn’t be used in production.