OASIS Mailing List Archives

saml-dev message



Subject: FW: SAML 2.0 Authentication Request Questions


 

Greetings all

Apologies as there may be some cross posts.

A SAML AuthnRequest question from our developer... can anyone help?

Cheers

Colin

Steps:

1. The user initiates a transaction at the service, which requires identity and address details from attribute providers;

2. The user is re-directed to the NZ govt’s centralised stateless pseudonymous logon service for an authentication; (SAML 2.0 SP browser redirect)

3. The user submits the credentials.

4. The logon service returns the SAML 2.0 assertion to the service agency (SAML 2.0 Artifact binding).

5. The service agency redirects the user to the assertion service (SAML AuthnRequest). The request contains the following attributes:

    1. SAML Authentication Assertion obtained in step 4
    2. Attribute nametypes (name, date of birth, gender etc)

6. The assertion service retrieves identity and address details from attribute providers (won’t go into details on how this is done) by SAML Authentication assertion.

7. The assertion service creates a SAML assertion with the identity and address details as attributes and returns it to the service agency.

 

Questions:

A couple of questions on step 5:

1. Can we use the <AuthnContextDecl> element to pass the SAML authentication assertion in the authentication request to the assertion service?

2. Can we use the <AuthnContextClassRef> element to pass attribute names in the authentication request to the assertion service?

 



