SAML config - authnContextClassRef="urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"

Which IIQ version are you inquiring about?

8.2
I need to add authnContextClassRef="urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified" in SAML for Azure IDP. When I add this tag next to nameIdFormat, it breaks the SSO.
Here is my metadata in saml config.

<Attributes>
  <Map>
    <entry key="IdentityIIQ">
      <value>
        <SAMLConfig assertionConsumerService="XYZ" bindingMethod="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" entityId="XYZ" idpServiceUrl="XYZ" issuer="XYZ" nameIdFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">
          <IdpPublicKey>-----BEGIN CERTIFICATE-----XYZ-----END CERTIFICATE-----</IdpPublicKey>
          <RuleRef>
            <Reference class="sailpoint.object.Rule" id="0ab10b5283661057818366f176c003ef" name="SSO-SAML-Correlation"/>
          </RuleRef>
        </SAMLConfig>
      </value>
    </entry>
  </Map>
</Attributes>

If I add the attribute authnContextClassRef="urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified", it breaks SSO. What am I missing?

<SAMLConfig assertionConsumerService="XYZ" bindingMethod="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" entityId="XYZ" idpServiceUrl="XYZ" issuer="XYZ" nameIdFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" authnContextClassRef="urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified">

Hi Vanna,

Your config looks legit. I’ve done that modification as well and it works fine for me.

Do you get any specific error? I would like to suggest installing the SAML tracer to take a look at your SAML traffic:
SAML, WS-Federation and OAuth 2.0 tracer - Microsoft Edge Addons

Regards,
Pieter.
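What to check in that tracer capture, as an added example that is not from this thread or from SailPoint: a small Python decoder for the SAMLRequest parameter (HTTP-POST or HTTP-Redirect binding) that reports the NameIDPolicy format and any AuthnContextClassRef the service provider actually sent, so the on-the-wire request can be compared with the SAMLConfig. The sample AuthnRequest and the example.com URLs below are constructed, not a real capture.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

# Namespaces used by a SAML 2.0 AuthnRequest.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def decode_saml_request(value, binding="post"):
    """Decode a SAMLRequest parameter: base64 only for HTTP-POST,
    raw DEFLATE then base64 for HTTP-Redirect."""
    raw = base64.b64decode(value)
    if binding == "redirect":
        raw = zlib.decompress(raw, -15)  # negative wbits = raw DEFLATE stream
    return raw.decode("utf-8")

def summarize_authn_request(xml_text):
    """Extract the fields that matter for a NameID / AuthnContext mismatch."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a samlp:AuthnRequest")
    issuer = root.find("saml:Issuer", NS)
    policy = root.find("samlp:NameIDPolicy", NS)
    refs = root.findall("samlp:RequestedAuthnContext/saml:AuthnContextClassRef", NS)
    return {
        "issuer": issuer.text if issuer is not None else None,
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "nameid_format": policy.get("Format") if policy is not None else None,
        "authn_context_class_refs": [r.text for r in refs],
    }

# Constructed sample (assumed shape): both the NameID format and the
# requested authn context class from the SAMLConfig appear in the request.
SAMPLE_AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example1" Version="2.0"
  IssueInstant="2024-01-01T00:00:00Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
  AssertionConsumerServiceURL="https://iiq.example.com/identityiq/home.jsf">
  <saml:Issuer>https://iiq.example.com/identityiq</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true"/>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

def encode_for_post(xml_text):
    return base64.b64encode(xml_text.encode()).decode()

def encode_for_redirect(xml_text):
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml_text.encode()) + c.flush()).decode()
```

Paste the SAMLRequest value shown by the tracer into decode_saml_request with the matching binding; if the AuthnContextClassRef list is empty, the attribute never made it into the request.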

Pieter, my bad. It was just a stale browser session. The config worked. Thanks for checking.
