SAML2 custom Authentication Context

SAPSupport
Employee
0 Likes
891

Hi,

we want to use the Portal Service in combination with the SAP Identity Authentication Service connected to our ADFS Corporate Server.

In order to respect Corporate Policy we need to set a Custom Authentication Context: "urn:oasis:names:tc:SAML:2.0:ac:classes:Password" in the SAML2 request.

However: In the SAP Identity Authentication Admin there is no option for a Custom Authentication Context except for Custom Context delivered by the Service Provider (in this case the Portal Service).

Now how can we either configure the Portal Service to send the Custom Context or set it explicitly in the Authentication Service?

Thanks and Regards



Accepted Solutions (1)


SAPSupport
Employee
0 Likes

Hello,

A tenant administrator can configure the authentication context in the request sent to the corporate identity providers when Identity Authentication acts as a proxy identity provider. See: Configure Authentication Context.

Under Configure Authentication Context, choose one of the following options:

- None - Authentication context is not sent. The requested authentication context from the service provider is ignored.
- Service Provider Authentication Context - The received authentication context from the service provider is sent.
- Password Protected Transport - Authentication context class urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport is sent. The requested authentication context from the service provider is ignored.

Best regards,
István
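
The three options listed in the answer above, modelled on a constructed SAML2 AuthnRequest. This is an added example, not part of the original thread and not SAP's code. The service provider URL, request ID and function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)  # keep readable prefixes on output

# Constructed sample: an AuthnRequest in which the service provider asks for
# the Password class (hypothetical issuer and ID, not taken from the thread).
SP_REQUEST = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://sp.example.invalid</saml:Issuer>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

def requested_classes(authn_request_xml):
    """Return the AuthnContextClassRef values carried in an AuthnRequest."""
    # For untrusted input, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(authn_request_xml)
    refs = root.findall("samlp:RequestedAuthnContext/saml:AuthnContextClassRef", NS)
    return [r.text.strip() for r in refs if r.text]

def forwarded_classes(option, sp_request_xml):
    """Model which classes the proxy sends on under each listed option."""
    if option == "None":
        return []                                 # SP request is ignored
    if option == "Service Provider Authentication Context":
        return requested_classes(sp_request_xml)  # passed through as received
    if option == "Password Protected Transport":
        return [PPT]                              # SP request is ignored
    raise ValueError("unknown option: " + option)

def build_requested_authn_context(classes):
    """Serialize a RequestedAuthnContext element, or None if nothing is sent."""
    if not classes:
        return None
    el = ET.Element("{%s}RequestedAuthnContext" % NS["samlp"])
    for c in classes:
        ET.SubElement(el, "{%s}AuthnContextClassRef" % NS["saml"]).text = c
    return ET.tostring(el, encoding="unicode")

if __name__ == "__main__":
    for opt in ("None", "Service Provider Authentication Context",
                "Password Protected Transport"):
        print(opt, "->", build_requested_authn_context(forwarded_classes(opt, SP_REQUEST)))
```

In this model the Password class reaches the corporate identity provider only under Service Provider Authentication Context, and only when the service provider's own AuthnRequest carries it.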

Answers (1)


matteoprinetti
Participant
0 Likes

Hi Istvan,

can you please explain how to implement this:

"Service Provider Authentication Context - The received authentication context from the service provider is sent."

I'm the service provider - a Java App for example. How can I send my own authentication context? I cannot find anything in the SCI API.

Thanks and Regards