SAML AuthContextClassRef
Hello all,
Using SAML SSO, there is an element AuthContextClassRef in the SAML messages, where a service provider can ask the identity provider to use a certain authentication method and, vice versa, the IdP passes back information on how the user is authenticated (Password, X509, TLS, OTP, ...).
The F5 APM (BIGIP-11.4.1-plus-hf2.14-build2) stores the returned information in the user session (session.saml.last.authNContextClassRef). Using the F5 as the SP, the authentication context returned from the IdP is stored in the access policy history as session.saml./Common/saml_policy_act_saml_auth_ag.authNContextClassRef. So the authentication policy flow can check how the user is authenticated (some applications require strong authentication).
Question: Is it possible to set the authContextClassRef before invoking the SAML AAA (IdP) server? So the authContextClassRef would be present already in the request.
Have fun,
Gabriel
Unfortunately, it's not possible today. I strongly encourage you to open a case with F5 support and ask for it to be linked to bug id 445569 to track interest and demand.
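For readers who want to see both directions of the authentication context discussed in this thread, here is an added example that is not part of the original posts and is not F5 APM configuration: generic SAML 2.0 in Python, building the `RequestedAuthnContext` an SP would place in its AuthnRequest and checking the `AuthnContextClassRef` the IdP returns. The `STRONG` set, the function names and the sample response are assumptions made for illustration, and the response is assumed to have passed signature validation already.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
# Assumed local policy: which context classes count as strong authentication.
STRONG = {AC + "X509", AC + "TLSClient", AC + "TimeSyncToken"}


def requested_authn_context(class_refs, comparison="exact"):
    """Build the samlp:RequestedAuthnContext element an SP adds to its AuthnRequest."""
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)
    rac = ET.Element(f"{{{NS['samlp']}}}RequestedAuthnContext",
                     {"Comparison": comparison})
    for ref in class_refs:
        ET.SubElement(rac, f"{{{NS['saml']}}}AuthnContextClassRef").text = ref
    return ET.tostring(rac, encoding="unicode")


def returned_class_refs(response_xml):
    """Collect AuthnContextClassRef from every AuthnStatement in a response."""
    root = ET.fromstring(response_xml)
    path = (".//saml:Assertion/saml:AuthnStatement"
            "/saml:AuthnContext/saml:AuthnContextClassRef")
    return [(e.text or "").strip() for e in root.findall(path, NS)]


def is_strong(response_xml, accepted=STRONG):
    """Fail closed: a missing context, or any class outside the set, is a deny."""
    refs = returned_class_refs(response_xml)
    return bool(refs) and all(r in accepted for r in refs)


def sample_response(ref):
    """Constructed, unsigned sample; real responses need signature checks first."""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f'<saml:Assertion><saml:AuthnStatement><saml:AuthnContext>'
            f'<saml:AuthnContextClassRef>{ref}</saml:AuthnContextClassRef>'
            f'</saml:AuthnContext></saml:AuthnStatement></saml:Assertion>'
            f'</samlp:Response>')


if __name__ == "__main__":
    print(requested_authn_context(sorted(STRONG)))
    for ref in (AC + "X509", AC + "Password"):
        verdict = "allow" if is_strong(sample_response(ref)) else "deny"
        print(ref, "->", verdict)
```

The SP-side check on the returned value is needed even when the request carries a `RequestedAuthnContext`, since the policy decision rests on what the assertion actually states.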