Alter SAML Request Initiated By Sailpoint

Hi everyone,

I have implemented SAML SSO for IIQ and it's working fine, but I have a client requirement to alter the AuthnRequest which is initiated from IIQ to the identity provider as below:

<saml2p:RequestedAuthnContext Comparison="exact"><saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2p:RequestedAuthnContext>

Is there any way I can modify the SAML Auth request? If yes, what configuration change is needed? Please suggest.

There are a few attributes you can add directly to the SAMLConfig object’s XML that are not configurable in the UI. For example, you can change the authnContextClassRef which I think is the most common one I’ve had to change in the past.


Thanks Patrick for reverting…

Where can I find the SAMLConfig object's XML file?

I have configured SAML login but don't see the XML in SailPoint's config folder.

I want to add ForceAuthn=true to the SAML request, but when I try to add it in the SAML.xml (under configuration in the debug page) I get an error that it's not defined in SAML.

Any suggestions on how I can add it?
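
One way to confirm that a configuration change actually reached the wire, as an added example that is not part of the original thread or SailPoint's code: decode the SAMLRequest parameter from the browser's redirect to the identity provider and check it for the RequestedAuthnContext and ForceAuthn values discussed above. It assumes the HTTP-Redirect binding; the sample URL, the request ID and the function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlparse

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in an HTTP-Redirect binding URL."""
    b64 = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    # Redirect binding = base64 of raw DEFLATE (no zlib header), hence wbits=-15.
    return zlib.decompress(base64.b64decode(b64), -15).decode("utf-8")

def inspect_authn_request(xml_text):
    """Extract the fields discussed in the thread. Feed it only your own SP's requests."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % P:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    rac = root.find("{%s}RequestedAuthnContext" % P)
    refs = [] if rac is None else [
        (e.text or "").strip() for e in rac.findall("{%s}AuthnContextClassRef" % A)]
    return {
        # ForceAuthn is an optional xs:boolean; absent means false.
        "force_authn": root.get("ForceAuthn", "false") in ("true", "1"),
        # Comparison defaults to "exact" when the attribute is omitted.
        "comparison": None if rac is None else rac.get("Comparison", "exact"),
        "class_refs": refs,
    }

def meets_requirement(info, force_authn=None):
    """True if the request pins PasswordProtectedTransport exactly (and ForceAuthn, if given)."""
    ok = info["comparison"] == "exact" and info["class_refs"] == [PPT]
    return ok if force_authn is None else ok and info["force_authn"] == force_authn

# Constructed sample, not captured from a real IIQ deployment.
SAMPLE_XML = (
    '<saml2p:AuthnRequest xmlns:saml2p="%s" ID="_constructed" Version="2.0" '
    'IssueInstant="2024-01-01T00:00:00Z" ForceAuthn="true">'
    '<saml2p:RequestedAuthnContext Comparison="exact">'
    '<saml2:AuthnContextClassRef xmlns:saml2="%s">%s</saml2:AuthnContextClassRef>'
    '</saml2p:RequestedAuthnContext></saml2p:AuthnRequest>' % (P, A, PPT))
deflater = zlib.compressobj(wbits=-15)
raw = deflater.compress(SAMPLE_XML.encode()) + deflater.flush()
SAMPLE_URL = "https://idp.example.com/sso?SAMLRequest=" + quote(base64.b64encode(raw), safe="")

if __name__ == "__main__":
    print(inspect_authn_request(decode_redirect_request(SAMPLE_URL)))
```

With the HTTP-POST binding the SAMLRequest form field is base64 only, so skip the inflate step and pass the decoded XML straight to `inspect_authn_request`.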