Thank you for a great toolkit @pitbulk and onelogin.
Is it possible to extend the SP config, so I can specify new extra AuthnContextClassRef in the AuthnRequest?
I need this to get Integrated Windows Authentication (IWA) to work with ADFS (automatic login for Windows clients).
I am sorry if this is not the right way to suggest enhancements.
Suggested extension:
Adding new setting AuthnContextClass under "sp" in settings.json:
"sp": {
...
"AuthnContextClass": "<saml:AuthnContextClassRef>urn:federation:authentication:windows</saml:AuthnContextClassRef>",
...
}
Adding some code to authn_request.py:
diff --git a/src/onelogin/saml2/authn_request.py b/src/onelogin/saml2/authn_request.py
index ae3c04e..051f462 100644
--- a/src/onelogin/saml2/authn_request.py
+++ b/src/onelogin/saml2/authn_request.py
@@ -58,6 +58,8 @@ class OneLogin_Saml2_Authn_Request(object):
if 'displayname' in organization_data[lang] and organization_data[lang]['displayname'] is not None:
provider_name_str = 'ProviderName="%s"' % organization_data[lang]['displayname']
+ extra_authn_context_classes = sp_data.get('AuthnContextClass', '')
+
request = """<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
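Review bot: `sp_data.get('AuthnContextClass', '')` pulls raw XML out of settings.json and the template interpolates it verbatim, so nothing checks that the value is a well-formed `<saml:AuthnContextClassRef>` element; a typo in the setting yields an AuthnRequest the IdP rejects, and a configuration value becomes trusted markup inside a signed protocol message. Store the class URI (or a list of URIs) in the setting instead and wrap each one in the element here with XML escaping. Also guard the `None` case (`sp_data.get('AuthnContextClass') or ''`), because `'%s' % None` renders the literal string `None` into the request. The setting name does not match its content either: it is called `AuthnContextClass` but holds `AuthnContextClassRef` elements.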
@@ -73,6 +75,7 @@ class OneLogin_Saml2_Authn_Request(object):
Format="%(name_id_policy)s"
AllowCreate="true" />
<samlp:RequestedAuthnContext Comparison="exact">
+ %(extra_authn_context_classes)s
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassR
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>""" % \
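Review bot: ordering in `<samlp:RequestedAuthnContext>` is significant. With `Comparison="exact"` the IdP may satisfy any listed class, and SAML 2.0 Core treats the first `AuthnContextClassRef` as the most preferred, so inserting `%(extra_authn_context_classes)s` above the PasswordProtectedTransport reference makes the configured class (Windows authentication here) the preferred method and the existing one the fallback. That is presumably what IWA needs, but it should be stated in the setting's documentation, since an operator might expect the extra class to be an addition rather than the new preference. When the setting is absent the empty string leaves a blank line in the request; harmless, but worth trimming.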
@@ -84,6 +87,7 @@ class OneLogin_Saml2_Authn_Request(object):
'assertion_url': sp_data['assertionConsumerService']['url'],
'entity_id': sp_data['entityId'],
'name_id_policy': name_id_policy_format,
+ 'extra_authn_context_classes': extra_authn_context_classes
}
self.__authn_request = request
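Review bot: add a trailing comma after the new `'extra_authn_context_classes': extra_authn_context_classes` entry; every other entry in this dict ends with one, and keeping the convention means the next key added here does not touch this line. The new `sp` key should also be documented next to the existing `entityId` and `assertionConsumerService` settings it sits beside.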
Best regards
@josteinl
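As an added example (not code from the issue or from python-saml), the following shows the alternative the request hints at: keep only class URIs in settings and let code build the `<samlp:RequestedAuthnContext>` block with XML escaping, so a configuration value can never inject markup into the AuthnRequest. The setting name `authnContextClassRefs` and the helper names are assumptions for illustration; the two class URIs are the ones that appear in the issue.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# The class the toolkit already emits, and the IWA class requested in the issue.
DEFAULT_CLASS = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
WINDOWS_CLASS = "urn:federation:authentication:windows"

VALID_COMPARISONS = ("exact", "minimum", "maximum", "better")


def build_requested_authn_context(class_refs, comparison="exact"):
    """Render a <samlp:RequestedAuthnContext> fragment from a list of class URIs.

    Each URI is XML-escaped before being wrapped, so a value taken from
    settings cannot close the element and add its own markup. Order is kept:
    the first entry is the most preferred class for the IdP.
    """
    if comparison not in VALID_COMPARISONS:
        raise ValueError("invalid Comparison value: %r" % (comparison,))
    if not class_refs:
        raise ValueError("at least one AuthnContextClassRef is required")
    refs = "".join(
        "<saml:AuthnContextClassRef>%s</saml:AuthnContextClassRef>" % escape(ref.strip())
        for ref in class_refs
    )
    return '<samlp:RequestedAuthnContext Comparison="%s">%s</samlp:RequestedAuthnContext>' % (
        comparison, refs)


def authn_context_from_settings(sp_data):
    """Build the fragment from a hypothetical 'authnContextClassRefs' key under 'sp'.

    The key may hold a single URI or a list; extra classes are placed first so
    they become the preferred method, with the toolkit's default as fallback.
    """
    extra = sp_data.get("authnContextClassRefs") or []
    if isinstance(extra, str):
        extra = [extra]
    return build_requested_authn_context(list(extra) + [DEFAULT_CLASS])


def parse_class_refs(fragment):
    """Parse the fragment back (with namespaces declared) and return the class URIs.

    Used to confirm the output is well-formed and that an escaped value came
    through as text rather than as extra elements.
    """
    wrapped = '<root xmlns:saml="%s" xmlns:samlp="%s">%s</root>' % (SAML_NS, SAMLP_NS, fragment)
    root = ET.fromstring(wrapped)
    return [el.text for el in root.iter("{%s}AuthnContextClassRef" % SAML_NS)]


if __name__ == "__main__":
    # Constructed settings: the IWA class configured as a plain URI.
    print(authn_context_from_settings({"authnContextClassRefs": WINDOWS_CLASS}))
```

The `%(extra_authn_context_classes)s` slot in the patch above would then receive the output of `authn_context_from_settings(sp_data)` in place of the whole `<samlp:RequestedAuthnContext>` element, and a value such as `x</saml:AuthnContextClassRef><evil/>` in settings ends up as escaped text inside a single element instead of as new markup.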