https://community.sap.com/t5/technology-q-a/saml2-custom-authentication-context/qaa-p/12514665#M4690389 <P>Hi Istvan,</P><P>can you please explain how to implement this: </P><P>"Service Provider Authentication Context - The received authentication context from the service provider is sent."</P><P>Im the service provider - a Java App for example. How can I send my own authentication context ? I cannot find anything in the SCI API.</P><P>Thanks and Regards </P> Tue, 19 Apr 2022 05:49:39 GMT matteoprinetti 2022-04-19T05:49:39Z https://community.sap.com/t5/technology-q-a/saml2-custom-authentication-context/qaq-p/12514663 <P>Hi,<BR /><BR />we want to use the Portal Service in combination with the SAP Identity Authentication Service connected to our ADFS Corporate Server.<BR /><BR />In order to respect Corporate Policy we need to set a Custom Authentication Context: "urn:oasis:names:tc:SAML:2.0:ac:classes:Password" in the SAML2 request.<BR /><BR />However: In the SAP Identity Authentication Admin there is no option for a Custom Authentication Context except for Custom Context delivered by the Service Provider (in this case the Portal Service).<BR /><BR />Now how can we either configure the Portal Service to send the Custom Context or set it explicitly in the Authentication Service? <BR /><BR />Thanks and Regards</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A href="https://blogs.sap.com/2021/09/20/maximizing-the-power-of-sap-community-at-product-support/" target="_blank">here</A>.</B> Fri, 15 Apr 2022 09:38:02 GMT https://community.sap.com/t5/technology-q-a/saml2-custom-authentication-context/qaq-p/12514663 SAPSupport 2022-04-15T09:38:02Z https://community.sap.com/t5/technology-q-a/saml2-custom-authentication-context/qaa-p/12514664#M4690388 <P>Hello,</P> <P>A tenant administrator can configure the authentication context in the request sent to the corporate identity providers when Identity Authentication acts as a proxy identity provider. See: <A rel="noopener" href="https://help.sap.com/docs/IDENTITY_AUTHENTICATION/6d6d63354d1242d185ab4830fc04feb1/028cee2589fd418896ae0235b0aeac40.html??locale=en-US" target="_blank">Configure Authentication Context</A>.</P> <P>Under Configure Authentication Context, choose one of the following options:<BR />None - Authentication context is not sent. The requested authentication context from the service provider is ignored.<BR />Service Provider Authentication Context - The received authentication context from the service provider is sent.<BR />Password Protected Transport - Authentication context class urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport is sent. The requested authentication context from the service provider is ignored.</P> <P>Best regards,<BR />István</P> Fri, 15 Apr 2022 09:38:05 GMT https://community.sap.com/t5/technology-q-a/saml2-custom-authentication-context/qaa-p/12514664#M4690388 SAPSupport 2022-04-15T09:38:05Z https://community.sap.com/t5/technology-q-a/saml2-custom-authentication-context/qaa-p/12514665#M4690389 <P>Hi Istvan,</P><P>can you please explain how to implement this: </P><P>"Service Provider Authentication Context - The received authentication context from the service provider is sent."</P><P>Im the service provider - a Java App for example. How can I send my own authentication context ? I cannot find anything in the SCI API.</P><P>Thanks and Regards </P> Tue, 19 Apr 2022 05:49:39 GMT https://community.sap.com/t5/technology-q-a/saml2-custom-authentication-context/qaa-p/12514665#M4690389 matteoprinetti 2022-04-19T05:49:39Z