Need to modify AuthnContextClassRef in ExternalAuth

Stefan Santesson stefan at aaa-sec.com
Sat Dec 19 08:41:14 EST 2015


I do have a clue what the problem might be.

I noticed that the AuthnContextClassRefPrincipal class, as well as the default setting for shibboleth.authn.External.addDefaultPrincipals is not available in version 3.1.1 but only in 3.2.0 and onward.
I suspect that my IdP version is too old and that I need to upgrade.

I’ll update and see if that solves it.

/Stefan




On 19/12/15 04:26, "users on behalf of Stefan Santesson" <users-bounces at shibboleth.net on behalf of stefan at aaa-sec.com> wrote:

>Scott,
>
>
>
>
>>>
>>>Add an object of type AuthnContextClassRefPrincipal with the value you want to the Subject's principal collection.
>>>
>>>-- Scott
>
>Actually, this didn’t work.
>
>
>My auth/External bean is defined as:
>
><bean id="authn/External" parent="shibboleth.AuthenticationFlow"
>      p:nonBrowserSupported="false"
>      p:passiveAuthenticationSupported="false"
>      p:forcedAuthenticationSupported="true">
>    <property name="supportedPrincipals">
>        <util:list>
>            <bean parent="shibboleth.SAML2AuthnContextClassRef" c:classRef="http://id.elegnamnden.se/loa/1.0/loa2"/>
>            <bean parent="shibboleth.SAML2AuthnContextClassRef" c:classRef="http://id.elegnamnden.se/loa/1.0/loa3"/>
>            <bean parent="shibboleth.SAML2AuthnContextClassRef" c:classRef="http://id.elegnamnden.se/loa/1.0/loa4"/>
>            <bean parent="shibboleth.SAML2AuthnContextClassRef" c:classRef="http://id.elegnamnden.se/loa/1.0/loa2-sigmessage"/>
>            <bean parent="shibboleth.SAML2AuthnContextClassRef" c:classRef="http://id.elegnamnden.se/loa/1.0/loa3-sigmessage"/>
>            <bean parent="shibboleth.SAML2AuthnContextClassRef" c:classRef="http://id.elegnamnden.se/loa/1.0/loa4-sigmessage"/>
>        </util:list>
>    </property>
></bean>
>
>External-auth-config.xml contains:  <util:constant id="shibboleth.authn.External.addDefaultPrincipals" static-field="java.lang.Boolean.FALSE" />
>
>
>The AuthnRequest sends request for 2 supported class refs:
>
><saml2p:RequestedAuthnContext Comparison="exact">
>        <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://id.elegnamnden.se/loa/1.0/loa3</saml2:AuthnContextClassRef>
>        <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://id.elegnamnden.se/loa/1.0/loa3-sigmessage</saml2:AuthnContextClassRef>
>    </saml2p:RequestedAuthnContext>
>
>
>
>The External Auth module sets the http://id.elegnamnden.se/loa/1.0/loa3-sigmessage as the context class ref for the response by:
>
>// Identity of the authenticated user
>Principal principal = new UsernamePrincipal(principalName);
>// Context class the external system actually satisfied
>Principal accPrincipal = new AuthnContextClassRefPrincipal("http://id.elegnamnden.se/loa/1.0/loa3-sigmessage");
>Subject subj = new Subject();
>subj.getPrincipals().add(principal);
>subj.getPrincipals().add(accPrincipal);
>// Hand the Subject back to the IdP's External flow
>request.setAttribute("subject", subj);
>
>
>But the assertion is returned with AuthnContextClassRef = http://id.elegnamnden.se/loa/1.0/loa3
>
>What am I doing wrong here?
>
>
>/Stefan
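As an added illustration (not code from this thread or from the Shibboleth project), here is how the external login servlet could build the Subject so that it only ever asserts a class ref the authn/External flow declares in its supportedPrincipals list. The two principal classes and the "subject" request attribute come from the thread; the ExternalSubjectBuilder helper, the allowed set (copied from the bean definition above) and the import package names are my assumptions for IdP 3.2.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal;

/** Hypothetical helper for the external login servlet (not part of the IdP). */
public final class ExternalSubjectBuilder {

    // Must match the supportedPrincipals list of the authn/External flow; a value
    // outside this set is never selected by the IdP, so asserting it is a bug.
    private static final Set<String> SUPPORTED_CLASS_REFS = Collections.unmodifiableSet(
        new HashSet<>(Arrays.asList(
            "http://id.elegnamnden.se/loa/1.0/loa2",
            "http://id.elegnamnden.se/loa/1.0/loa3",
            "http://id.elegnamnden.se/loa/1.0/loa4",
            "http://id.elegnamnden.se/loa/1.0/loa2-sigmessage",
            "http://id.elegnamnden.se/loa/1.0/loa3-sigmessage",
            "http://id.elegnamnden.se/loa/1.0/loa4-sigmessage")));

    /**
     * Builds the Subject handed back to the IdP. achievedClassRef is the level the
     * external system actually authenticated at, decided by that system, never
     * copied blindly from the RequestedAuthnContext of the incoming AuthnRequest.
     */
    public static Subject build(String principalName, String achievedClassRef) {
        if (principalName == null || principalName.isEmpty()) {
            throw new IllegalArgumentException("principal name is required");
        }
        if (!SUPPORTED_CLASS_REFS.contains(achievedClassRef)) {
            // Fail closed rather than let the IdP fall back to some other value.
            throw new IllegalStateException("class ref not supported by flow: " + achievedClassRef);
        }
        Subject subj = new Subject();
        subj.getPrincipals().add(new UsernamePrincipal(principalName));
        // Only honoured with shibboleth.authn.External.addDefaultPrincipals = FALSE
        // and an IdP >= 3.2.0, as noted in the thread.
        subj.getPrincipals().add(new AuthnContextClassRefPrincipal(achievedClassRef));
        return subj;
    }

    /** Hands the Subject to the IdP via the request attribute the thread uses. */
    public static void attach(HttpServletRequest request, Subject subj) {
        request.setAttribute("subject", subj);
    }
}
```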