[IdP] Add additional parameter to SAML request

Published on 4 Jul by Telmo Martins

Hi, I need to add one more parameter to create the SAML request, that is: AuthnContextClassRef

My current SAML request is generated as: 

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="id_t20_5dbae8df7f2d4adca0662c47add940ea"
    Version="2.0"
    IssueInstant="2018-08-29T11:00:11.9000084Z">
  <saml2:Issuer>http://sasasasas</saml2:Issuer>
</saml2p:AuthnRequest>

But my requirement is as below:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="S23FDBC2EF947E45FA5C53BA281B5613E63D133170"
    Version="2.0"
    IssueInstant="2018-08-29T12:17:33Z"
    IsPassive="false"
    ForceAuthn="false"
    Destination="https://smartpass.government.ae:443/secure/SSOPOST/metaAlias/TRA/idp"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="https://abc/MasterDataManagement.aspx">
  <saml:Issuer>ABC/</saml:Issuer>
  <samlp:NameIDPolicy AllowCreate="false" />
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>urn:ae:gov:tra:nias:usernamepassword</saml:AuthnContextClassRef>
    <saml:AuthnContextClassRef>urn:ae:gov:tra:nias:smsotp</saml:AuthnContextClassRef>
    <saml:AuthnContextClassRef>urn:ae:gov:tra:nias:emailotp</saml:AuthnContextClassRef>
    <saml:AuthnContextClassRef>urn:ae:gov:tra:nias:eidpin</saml:AuthnContextClassRef>
    <saml:AuthnContextClassRef>urn:ae:gov:tra:nias:eidfingerprint</saml:AuthnContextClassRef>
    <saml:AuthnContextClassRef>urn:ae:gov:tra:nias:qrcode</saml:AuthnContextClassRef>
    <saml:AuthnContextClassRef>urn:ae:gov:tra:nias:totp</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>


How can I do that?


Regards,

Hi mohd,

You need to customize your module for such behavior, namely check on the extension (C#/Java) how to add those on the SAML message. Since your request message does not seem to be signed, as an alternative you can set this Authn SAML message outside the extension (instead of calling the extension code to generate the XML message, you just set the XML message above with the required changes).


Regards
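
One way to produce the requested AuthnRequest in C# with System.Xml.Linq instead of string concatenation, so attribute and element values are escaped by the serializer. This is an added example, not part of the thread or of the IdP extension's code; the class and method names are hypothetical, and the issuer, Destination, ACS URL and class references are supplied by the caller.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;
using System.Xml.Linq;

// Added example: AuthnRequestBuilder, Build and ToPostField are hypothetical names.
public static class AuthnRequestBuilder
{
    static readonly XNamespace Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    public static XElement Build(string issuer, string destination, string acsUrl, string[] classRefs)
    {
        // ID is an xs:ID, so it must not start with a digit. Generate it from a CSPRNG and
        // keep it, so the response's InResponseTo can be matched against this request.
        byte[] rnd = new byte[20];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(rnd);
        string id = "_" + BitConverter.ToString(rnd).Replace("-", "");

        var ctx = new XElement(Samlp + "RequestedAuthnContext",
            new XAttribute("Comparison", "exact"));
        foreach (string c in classRefs)
            ctx.Add(new XElement(Saml + "AuthnContextClassRef", c));

        return new XElement(Samlp + "AuthnRequest",
            new XAttribute(XNamespace.Xmlns + "samlp", Samlp.NamespaceName),
            new XAttribute(XNamespace.Xmlns + "saml", Saml.NamespaceName),
            new XAttribute("ID", id),
            new XAttribute("Version", "2.0"),
            // IssueInstant is UTC; the invariant culture keeps ':' from being localized.
            new XAttribute("IssueInstant", DateTime.UtcNow.ToString(
                "yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture)),
            new XAttribute("IsPassive", "false"),
            new XAttribute("ForceAuthn", "false"),
            new XAttribute("Destination", destination),
            new XAttribute("ProtocolBinding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"),
            new XAttribute("AssertionConsumerServiceURL", acsUrl),
            new XElement(Saml + "Issuer", issuer),
            new XElement(Samlp + "NameIDPolicy", new XAttribute("AllowCreate", "false")),
            ctx);
    }

    // HTTP-POST binding: the SAMLRequest form field is the base64 of the XML (no DEFLATE).
    public static string ToPostField(XElement request)
    {
        string xml = request.ToString(SaveOptions.DisableFormatting);
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(xml));
    }
}
```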

Dear Telmo,

I am trying to edit the xif extension named SAML_CreateAuthnRequest, but it is showing me an error in Integration Studio. I am attaching one file with the setting of Integration Studio and the error text file.


The error file is here. Please let me know: can I open this extension?


Hi Mohd,

It looks as though you are using Integration Studio for the first time. You must run Integration Studio as Local Administrator (elevated privileges) so that it has permissions to save the environmental settings. After initial setup you will be able to run with normal privileges.