I am trying to setup Idp InitiatedSSO. I was trying to debug SAML response sent to Service Provider.
I found that AuthnContextClassRef in Saml reposnse is “urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified”.
But Our requrirement is to be “urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport”.
Can you please help with that
I assume your site is the identity provider and you wish to include an AuthnContextClassRef in the SAML response. You have a couple of options.
The first is to specify an AuthnContext in the section of your SAML configuration (eg saml.config file).
<PartnerServiceProvider
Name=“…”
AuthnContext=“urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport”
Alternatively, there are SAMLIdentityProvider.InitiateSSO and SAMLIdentityProvider.ReceiveSSO overloads that take an authnContext parameter. If specified, this will be used instead of any configured AuthnContext for the AuthnContextClassRef .
If neither the AuthnContext parameter nor configuration is specified, it defaults to “urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified”.