KEYCLOAK-14891 Add a fluent builder for AuthnRequest/RequestedAuthnContext element #7292
I am almost done with the configuration UI, except that I can't figure out how to pass a multivalued attribute to the server: The IdP configuration stores plain strings only, so for storage I am concatenating the values, separating them with commas.
I guess the Identity Providers config UI only allows single-valued attributes? I sure could concat the values on the client, but this looks inconsistent with the other places in the UI that use multi-valued attributes (i.e. Clients > Valid Redirect URIs).
I had a bit of extra spare time and I have been able to prepare the UI for setting the RequestedAuthnContext parameters in the SAML Identity Provider configuration. Before I go on and write some unit tests and update the user docs, I'd appreciate a quick review of the general approach:
Thanks for the help!
I see this one as a good improvement to SAML brokering.
You will be asked to send a message to keycloak-dev too so that you may get feedback from others from the community.
Regarding using a comma to store values, either that or use JSON. At the end, we store key/value into the database ...
Changes LGTM.
I tried to change the code to use JSON serialization and I think it's actually better this way, as it allows for commas in URIs (not that I plan to ever use them!) but also because it makes it more generic and future-proof, just in case it's ever needed to add other attributes to the entries. I'll start writing the tests and I'll probably close this issue/PR and open a new one for a clean feature description and review. Suggestions for the questions above are still welcome!
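The storage trade-off discussed in the comments above, as an added example that is not part of this PR or of Keycloak's code: it compares comma-joined and JSON storage of a multi-valued attribute in a string-only config value. All function names and the sample values are hypothetical and constructed for illustration.

```javascript
// Added illustration, not Keycloak code. Models a config store whose values
// must be plain strings, as described in the thread.

// Constructed sample values: one standard SAML class URN and one
// hypothetical URI that legitimately contains a comma.
const SAMPLE_REFS = [
  'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport',
  'https://idp.example.org/loa?factors=otp,hardware',
];

// Comma-joined storage: compact, but the delimiter can occur in the data.
function encodeCsv(values) {
  return values.join(',');
}

function decodeCsv(stored) {
  return stored ? stored.split(',') : [];
}

// JSON storage: the delimiter is escaped by the format itself.
function encodeJson(values) {
  if (!Array.isArray(values) || !values.every(v => typeof v === 'string' && v.length > 0)) {
    throw new TypeError('expected an array of non-empty strings');
  }
  return JSON.stringify(values);
}

// Parse defensively: the stored string may be absent, hand-edited, or
// written by an older version, so check the shape before trusting it.
function decodeJson(stored) {
  if (stored === undefined || stored === null || stored === '') return [];
  const parsed = JSON.parse(stored); // throws SyntaxError on malformed input
  if (!Array.isArray(parsed) || !parsed.every(v => typeof v === 'string')) {
    throw new TypeError('stored value is not a JSON array of strings');
  }
  return parsed;
}

// True when decode(encode(values)) returns exactly the original list.
function roundTrips(encode, decode, values) {
  const out = decode(encode(values));
  return out.length === values.length && out.every((v, i) => v === values[i]);
}
```

With the constructed list, the comma-joined form comes back as three entries instead of two, while the JSON form round-trips unchanged and rejects a stored value that is not an array of strings.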
I'm closing this PR as a better implementation, including tests, is ready at PR #7307.
Adds a builder class for the RequestedAuthnContext SAML element and the required connector method in the AuthnRequest builder.
This is useful for custom SAML-derived Identity Provider modules, but I will also try later to create the required configuration UI in order to expose the feature to the built-in SAML Identity Provider.