Comment: Published by Scroll Versions from space IDS and version 8.4

Introduction

Ubisecure SSO Server is a standards-based Identity Provider (IDP). One of the roles of an Identity Provider is to enable federation of user identities from one independent domain to another. Federation is a term used to describe functionality that transfers a user between two separate IDPs.

...

SAML2 Extension for FTN (XML):
<samlp:Extensions>
  <ftn xmlns="http://ftn.ficora.fi/2017/req_ext">
    <lg>fi</lg>
  </ftn>
</samlp:Extensions>

RequestedAuthnContext configuration

It is possible to configure either AuthnContextClassRef or AuthnContextDeclRef together with Comparison. This is done by specifying the following configuration keys.

Configuration key | Description
saml.requestedAuthnContext.comparison

Defines the comparison used for either AuthnContextClassRef or AuthnContextDeclRef. Value of the Comparison attribute of RequestedAuthnContext.

Needs to be one of the following:

  • exact

  • minimum

  • maximum

  • better

This configuration key needs to be configured together with either saml.requestedAuthnContext.authnContextClassRef or saml.requestedAuthnContext.authnContextDeclRef. Defining it alone will cause authentication to fail.

If this parameter is left empty, then no Comparison attribute is set for RequestedAuthnContext.

saml.requestedAuthnContext.authnContextClassRef

Defines the saml:AuthnContextClassRef used in the request.

List of values of AuthnContextClassRef elements added to RequestedAuthnContext.

Multiple values are separated by white space.

If this parameter is left empty, then no AuthnContextClassRef elements are added to RequestedAuthnContext.

saml.requestedAuthnContext.authnContextDeclRef

Defines the saml:AuthnContextDeclRef used in the request.

List of values of AuthnContextDeclRef elements added to RequestedAuthnContext.

Multiple values are separated by white space.

If this parameter is left empty, then no AuthnContextDeclRef elements are added to RequestedAuthnContext.

NOTE: According to the SAML2 protocol schema, it is not allowed to add both AuthnContextClassRef and AuthnContextDeclRef elements in a RequestedAuthnContext.

Configuration can be done via the management user interface by opening the authentication method from the global method settings view (Home → Global Method Settings). Then configure the setting by entering the values into the Configuration String text field.

Figure 3. SAML RequestedAuthnContext configuration
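
The following is an added example, not Ubisecure's code: it shows how the three configuration keys above map onto a RequestedAuthnContext element and which combinations are invalid. It assumes the settings have already been parsed into a dict (the Configuration String syntax is not shown here); the function name is hypothetical, and rejecting bad combinations up front is this example's choice.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
PREFIX = "saml.requestedAuthnContext."
COMPARISONS = {"exact", "minimum", "maximum", "better"}

ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)


def build_requested_authn_context(config):
    """Validate the three keys; return the element, or None if no refs are set."""
    comparison = config.get(PREFIX + "comparison", "").strip()
    # Multiple values are separated by white space.
    class_refs = config.get(PREFIX + "authnContextClassRef", "").split()
    decl_refs = config.get(PREFIX + "authnContextDeclRef", "").split()

    if comparison and comparison not in COMPARISONS:
        raise ValueError(f"invalid Comparison value: {comparison!r}")
    if class_refs and decl_refs:
        # The SAML2 protocol schema does not allow mixing the two element kinds.
        raise ValueError("AuthnContextClassRef and AuthnContextDeclRef cannot be combined")
    if comparison and not (class_refs or decl_refs):
        # Per the documentation, comparison alone makes authentication fail.
        raise ValueError("comparison requires authnContextClassRef or authnContextDeclRef")
    if not (class_refs or decl_refs):
        return None  # nothing configured: no RequestedAuthnContext in the request

    rac = ET.Element(f"{{{SAMLP}}}RequestedAuthnContext")
    if comparison:  # empty value: no Comparison attribute is set
        rac.set("Comparison", comparison)
    tag = "AuthnContextClassRef" if class_refs else "AuthnContextDeclRef"
    for value in class_refs or decl_refs:
        ET.SubElement(rac, f"{{{SAML}}}{tag}").text = value
    return rac


if __name__ == "__main__":
    # Constructed sample configuration using standard SAML 2.0 class URIs.
    sample = {
        PREFIX + "comparison": "minimum",
        PREFIX + "authnContextClassRef":
            "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport "
            "urn:oasis:names:tc:SAML:2.0:ac:classes:X509",
    }
    print(ET.tostring(build_requested_authn_context(sample), encoding="unicode"))
```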

Examples

The following configuration in an authentication method:

...