
Configure Authentication Classes in DEFAULTQS setting



Hi,

I am new to dealing with mod_auth_saml and would like to give the IDP the desired authentication class in an SP-initiated authentication. The IDP should use 'urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard', so I configured this in Apache:

ZXIDConf "DEFAULTQS=l0https://login.fraunhofer.de/nidp/saml2/metadata%3D1%26fa%3Durn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aac%3Aclasses%3ASmartcard"

I suspect that the URL must be escaped, so 

%3D1 should be '=1' to trigger a direct redirect to the IDP without showing a login page
%26fa%3Durn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aac%3Aclasses%3ASmartcard" should be "&fa='urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard".

The resulting SAML Request has the following structure:

<sp:AuthnRequest xmlns:sp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://login.fraunhofer.de/nidp/saml2/sso" ID="NSxewl_f2d8CVIjlRK1R2DJLN" IssueInstant="2013-07-12T12:11:11Z" ProviderName="WUSEL" Version="2.0"><sa:Issuer xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion">https://sles11nds.bi.fraunhofer.de/protected/saml?o=B</sa:Issuer><sp:RequestedAuthnContext><sa:AuthnContextClassRef xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</sa:AuthnContextClassRef></sp:RequestedAuthnContext></sp:AuthnRequest>

Unfortunately I cannot figure out why zxid uses "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified" instead of "urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard". Can you give me a hint where to look?

I'm using libzxid 1.11.

best regards

Andreas

-- 
Andreas Rieck
Fraunhofer-Gesellschaft e.V. / Zentrale
Abteilung C7 Kommunikationsmanagement
Schloss Birlinghoven, 53754 Sankt Augustin
Phone: (+49 2241) 14-2641
Fax:   (+49 2241) 144-2641
mailto:andreas.rieck@xxxxxxxxxxxxxxxx
http://www.fraunhofer.de
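
A diagnostic for the situation described in the message above, as an added example that is not part of the original post and not zxid code: it shows how the configured DEFAULTQS value splits into fields depending on whether percent-decoding happens before or after splitting on `&` and `=`, and checks which class the captured AuthnRequest actually asks for. Python's `urllib` stands in for the query-string parser as an assumption, and the function names `split_query`, `requested_classes` and `report` are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, unquote

SA = "urn:oasis:names:tc:SAML:2.0:assertion"
WANTED = "urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard"

# Value after "DEFAULTQS=" exactly as configured in the post.
DEFAULTQS = ("l0https://login.fraunhofer.de/nidp/saml2/metadata%3D1%26fa%3D"
             "urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aac%3Aclasses%3ASmartcard")

# AuthnRequest from the post, wrapped over several lines for readability.
AUTHN_REQUEST = """
<sp:AuthnRequest xmlns:sp="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="https://login.fraunhofer.de/nidp/saml2/sso"
    ID="NSxewl_f2d8CVIjlRK1R2DJLN" IssueInstant="2013-07-12T12:11:11Z"
    ProviderName="WUSEL" Version="2.0">
  <sa:Issuer xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion">https://sles11nds.bi.fraunhofer.de/protected/saml?o=B</sa:Issuer>
  <sp:RequestedAuthnContext>
    <sa:AuthnContextClassRef xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</sa:AuthnContextClassRef>
  </sp:RequestedAuthnContext>
</sp:AuthnRequest>
"""

def split_query(value, predecode):
    """Split a query string into (name, value) pairs.
    predecode=True percent-decodes the whole string before splitting on
    '&' and '='; predecode=False splits first, so escaped separators stay
    inside a single field."""
    if predecode:
        value = unquote(value)
    return parse_qsl(value, keep_blank_values=True)

def requested_classes(authn_request_xml):
    """Return every AuthnContextClassRef value found in the request."""
    root = ET.fromstring(authn_request_xml.strip())
    tag = "{%s}AuthnContextClassRef" % SA
    return [(el.text or "").strip() for el in root.iter(tag)]

def report(defaultqs, authn_request_xml, wanted):
    """Summarise both readings of DEFAULTQS and what the request asks for."""
    requested = requested_classes(authn_request_xml)
    return {
        "fields_if_split_first": len(split_query(defaultqs, False)),
        "fa_if_decoded_first": dict(split_query(defaultqs, True)).get("fa"),
        "requested": requested,
        "matches": wanted in requested,
    }

if __name__ == "__main__":
    for key, val in report(DEFAULTQS, AUTHN_REQUEST, WANTED).items():
        print(f"{key}: {val}")
```
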