
SAML2 custom Authentication Context

SAPSupport
Employee

Hi,

we want to use the Portal Service in combination with the SAP Identity Authentication Service connected to our ADFS Corporate Server.

In order to respect Corporate Policy we need to set a Custom Authentication Context: "urn:oasis:names:tc:SAML:2.0:ac:classes:Password" in the SAML2 request.

However: In the SAP Identity Authentication Admin there is no option for a Custom Authentication Context except for Custom Context delivered by the Service Provider (in this case the Portal Service).

Now how can we either configure the Portal Service to send the Custom Context or set it explicitly in the Authentication Service?

Thanks and Regards


SAPSupport
Employee

Hello,

A tenant administrator can configure the authentication context in the request sent to the corporate identity providers when Identity Authentication acts as a proxy identity provider. See: Configure Authentication Context.

Under Configure Authentication Context, choose one of the following options:
None - Authentication context is not sent. The requested authentication context from the service provider is ignored.
Service Provider Authentication Context - The received authentication context from the service provider is sent.
Password Protected Transport - Authentication context class urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport is sent. The requested authentication context from the service provider is ignored.

Best regards,
István
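
To check which authentication context actually reaches the corporate identity provider under each of the options above, the AuthnRequest in the browser redirect can be decoded and inspected. The following is an added example, not part of the original posts or SAP's code; it assumes the HTTP-Redirect binding, and the endpoint URL and sample requests are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"  # from the question

def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in an HTTP-Redirect binding URL."""
    saml_request = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    # The redirect binding uses raw DEFLATE (no zlib header), hence wbits=-15.
    return zlib.decompress(base64.b64decode(saml_request), -15).decode("utf-8")

def requested_authn_context(xml_text):
    """Return (comparison, class_refs); (None, []) when no context is requested."""
    rac = ET.fromstring(xml_text).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None, []
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    # SAML core: Comparison defaults to "exact" when the attribute is absent.
    return rac.get("Comparison", "exact"), refs

def meets_policy(url, required=REQUIRED):
    """True only if the request asks for exactly the required class."""
    comparison, refs = requested_authn_context(decode_redirect_request(url))
    return comparison == "exact" and refs == [required]

def build_sample_url(class_ref):
    """Constructed sample request to a placeholder IdP endpoint (not real traffic)."""
    rac = ""
    if class_ref:
        rac = ('<samlp:RequestedAuthnContext Comparison="exact">'
               f'<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>'
               '</samlp:RequestedAuthnContext>')
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">{rac}'
           '</samlp:AuthnRequest>')
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = deflater.compress(xml.encode()) + deflater.flush()
    return "https://idp.example.invalid/adfs/ls/?" + urlencode(
        {"SAMLRequest": base64.b64encode(packed).decode()})

if __name__ == "__main__":
    ppt = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    for label, ref in [("None", None), ("Password", REQUIRED), ("PPT", ppt)]:
        url = build_sample_url(ref)
        print(label, requested_authn_context(decode_redirect_request(url)), meets_policy(url))
```

With a real capture, pass the redirect URL taken from the browser's network trace to `meets_policy` in place of the constructed sample.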