Forum Discussion

Daniel_Varela
Apr 19, 2017

SAML multiple auth context support

Hi everybody,

I would like to know if there is, or if it is planned, support for multiple auth contexts as IDP. Right now it seems that APM only supports one auth context (by default PasswordProtectedTransport).

The use case here is an SP where privilege escalation is required. For example, the SP by default requires username and password authentication, but if the user accesses /admin then it requests certificate authentication.

This should be doable if APM fully supported SAML 2.0. By using ForceAuthn (which is actually ignored by APM) and taking into account the auth context list provided in the AuthnRequest coming from the SP, somehow in the VPE we should be able to authenticate users accordingly.

My tests say that this is not supported/implemented in 13.0 but... is it planned to expand SAML functionalities as IDP?

Thanks in advance!
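
The SAML 2.0 mechanics the post relies on, as an added example that is not part of the original post and is not F5 APM code: the SP builds an AuthnRequest carrying `ForceAuthn` and a `RequestedAuthnContext` listing the acceptable `AuthnContextClassRef` values, and the IdP compares that request against the context the user's current session already holds to decide whether a step-up (re-authentication with a stronger method) is needed. The function names, the `STRENGTH` ranking of context classes, and the restriction to `Comparison="exact"` and `"minimum"` are assumptions of this example; SAML itself defines no strength ordering, so a real IdP has to configure one.

```python
"""Added example: SP-side AuthnRequest with RequestedAuthnContext/ForceAuthn and
the IdP-side step-up decision. Not from the original post and not APM's
implementation; function names and the STRENGTH ranking are assumptions."""
import uuid
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
PASSWORD_PT = AC + "PasswordProtectedTransport"
TLS_CLIENT = AC + "TLSClient"
X509 = AC + "X509"

# Assumed ranking for this hypothetical IdP (higher = stronger). SAML does not
# define one; every IdP that supports Comparison="minimum" configures its own.
STRENGTH = {PASSWORD_PT: 1, X509: 2, TLS_CLIENT: 2}


def build_authn_request(sp_entity_id, acs_url, contexts, force_authn=False,
                        comparison="exact"):
    """SP side: serialise an AuthnRequest asking for the given context classes."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    if force_authn:
        req.set("ForceAuthn", "true")  # SP insists on fresh authentication
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    rac = ET.SubElement(req, f"{{{SAMLP}}}RequestedAuthnContext",
                        {"Comparison": comparison})
    for ctx in contexts:
        ET.SubElement(rac, f"{{{SAML}}}AuthnContextClassRef").text = ctx
    return ET.tostring(req, encoding="unicode")


def parse_authn_request(xml_text):
    """IdP side: extract the fields that drive the step-up decision."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    force = root.get("ForceAuthn", "false").lower() == "true"
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        # No RequestedAuthnContext: the spec leaves the method to the IdP.
        return {"force_authn": force, "comparison": "exact", "classes": []}
    classes = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS)]
    return {"force_authn": force,
            "comparison": rac.get("Comparison", "exact"),
            "classes": classes}


def acceptable_contexts(req, default=PASSWORD_PT):
    """Context classes that would satisfy the request (exact and minimum only)."""
    classes = req["classes"] or [default]
    unknown = [c for c in classes if c not in STRENGTH]
    if unknown:
        # A real IdP answers with urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext
        raise ValueError(f"unsupported authn context(s): {unknown}")
    if req["comparison"] == "exact":
        return list(classes)
    if req["comparison"] == "minimum":
        floor = min(STRENGTH[c] for c in classes)
        return [c for c, s in STRENGTH.items() if s >= floor]
    raise ValueError(f"Comparison={req['comparison']!r} not handled in this example")


def step_up_decision(req, session_context):
    """Return (must_reauthenticate, acceptable_contexts).

    session_context is the class the current IdP session was established with,
    or None when the user has no session yet."""
    acceptable = acceptable_contexts(req)
    satisfied = session_context is not None and session_context in acceptable
    return (req["force_authn"] or not satisfied), acceptable


if __name__ == "__main__":
    # Constructed scenario from the post: /admin demands a certificate.
    admin_req = build_authn_request("https://sp.example", "https://sp.example/acs",
                                    [X509, TLS_CLIENT], force_authn=True)
    must, ok = step_up_decision(parse_authn_request(admin_req), PASSWORD_PT)
    print("step-up required:", must, "acceptable:", ok)
```

With a password-only session and an `/admin` request listing `X509` and `TLSClient` under `Comparison="exact"`, the decision is to re-authenticate and only a certificate-based method is acceptable; with `ForceAuthn="true"` the IdP re-authenticates even if the session already holds a satisfying context. Note that the decision above is only half the job: the assertion the IdP then issues must carry the context class actually used in `AuthnStatement/AuthnContext/AuthnContextClassRef`, and the SP must check that value against what it requested rather than trusting that the IdP honoured the request.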