RH-SSO ignores SAML PasswordProtectedTransport AuthnContext

Solution Unverified - Updated -

Issue

  • Unable to configure Adobe Analytics or OpenAM as a SAML Client/Service Provider (SP)
  • SP makes a request with

    <samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">
            <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
    

    But RH-SSO responds with:

    <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
    </saml:AuthnContext>
    

    causing the SP to reject the assertion.
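
The mismatch above can be reproduced offline. The following is an added example, not Red Hat's or the SP's code: it applies the SAML `Comparison="exact"` rule (an omitted `Comparison` also means exact) to the two fragments from this issue. The function names are hypothetical, and an `xmlns:saml` declaration is added to the response fragment so it parses on its own.

```python
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# Request fragment from the Issue section.
REQUESTED = (
    '<samlp:RequestedAuthnContext'
    ' xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">'
    f'<saml:AuthnContextClassRef xmlns:saml="{SAML}">'
    f'{AC}PasswordProtectedTransport</saml:AuthnContextClassRef>'
    '</samlp:RequestedAuthnContext>'
)
# Response fragment from the Issue section; xmlns:saml is added here
# (assumption) so the fragment parses on its own.
RETURNED = (
    f'<saml:AuthnContext xmlns:saml="{SAML}">'
    f'<saml:AuthnContextClassRef>{AC}unspecified</saml:AuthnContextClassRef>'
    '</saml:AuthnContext>'
)


def class_refs(xml_text):
    """Return every AuthnContextClassRef URI found in an XML fragment."""
    root = ET.fromstring(xml_text)
    tag = f"{{{SAML}}}AuthnContextClassRef"
    return [el.text.strip() for el in root.iter(tag) if el.text]


def check_exact(requested_xml, returned_xml):
    """Apply the Comparison="exact" rule; return (accepted, wanted, got)."""
    comparison = ET.fromstring(requested_xml).get("Comparison", "exact")
    if comparison != "exact":
        # minimum/maximum/better need a deployment-defined ordering of classes
        raise ValueError(f"unsupported Comparison: {comparison}")
    wanted = class_refs(requested_xml)
    got = class_refs(returned_xml)
    # exact: the asserted class must equal one of the requested classes
    return any(ref in wanted for ref in got), wanted, got


if __name__ == "__main__":
    accepted, wanted, got = check_exact(REQUESTED, RETURNED)
    print("accepted" if accepted else "rejected", "wanted:", wanted, "got:", got)
```
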

Environment

  • Red Hat Single Sign-On (RH-SSO) 7
  • RH-SSO as the Identity Provider (IdP)
  • Separate Service Provider (SP) that requests PasswordProtectedTransport
