davcondev

How to add a samlp tag into an sp-initiated authentication request?

The identity provider requires a specific samlp tag to be included in the request. I can't see a way of achieving this.
  • There doesn't appear to be any way to specify this in the configurable single sign-on settings.
  • Creating a setting via "New Metadata from File" using the metadata from the identity provider doesn't help either.
Any ideas?

About the only thing I can think of is manually modifying the metadata file to force addition of the tag - anyone done this before?
 

All Answers

Pat Patterson
What tag do they require?
davcondev
<samlp:RequestedAuthnContext>
  <saml:AuthnContextClassRef>specific value goes in here</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
Pat Patterson
I'm not sure this is possible... Checking with the product team...
Pat Patterson
Received word from product team: 'not possible today'.
This was selected as the best answer
davcondev
'today' gives me a glimmer of hope. If I say the magic words "Safe Harbor", will an indicative timeline materialize?

I wonder if it's even worth posting an idea, this kind of specialized topic is always going to get stuck Under Point Threshold.
Pat Patterson
From product management: "We may do it. It's been on my wishlist of things to get to...".

In the meantime, if you really needed this, you could probably figure out some sort of proxy. Configure Salesforce to send the authn request to the proxy, and have the proxy add the RequestedAuthnContext element and send it on to the IdP. The IdP could then send the response straight back to Salesforce's assertion consumer service.
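
The rewriting step of the proxy described in the post above, as an added example (not part of the original thread and not Salesforce code). It assumes the HTTP-Redirect binding and an unsigned request; the function names, size cap, URLs and sample request are constructed for illustration.

```python
import base64, zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
MAX_XML = 64 * 1024  # assumed cap on the inflated request, against deflate bombs
for prefix, uri in (("samlp", SAMLP), ("saml", SAML), ("ds", DSIG)):
    ET.register_namespace(prefix, uri)

def decode_redirect(saml_request: str) -> bytes:
    """URL-decoded SAMLRequest value -> XML (base64, then raw DEFLATE)."""
    d = zlib.decompressobj(-15)
    xml = d.decompress(base64.b64decode(saml_request, validate=True), MAX_XML)
    if d.unconsumed_tail:
        raise ValueError("inflated request exceeds size cap")
    return xml

def encode_redirect(xml: bytes) -> str:
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml) + c.flush()).decode()

def add_requested_authn_context(xml: bytes, class_ref: str, idp_sso_url: str) -> bytes:
    if b"<!DOCTYPE" in xml:  # crude DTD guard; defusedxml is the usual choice
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    if root.find(f"{{{DSIG}}}Signature") is not None:
        raise ValueError("signed request: editing it would invalidate the signature")
    if root.find(f"{{{SAMLP}}}RequestedAuthnContext") is not None:
        raise ValueError("RequestedAuthnContext already present")
    rac = ET.Element(f"{{{SAMLP}}}RequestedAuthnContext")
    ET.SubElement(rac, f"{{{SAML}}}AuthnContextClassRef").text = class_ref
    # The schema places RequestedAuthnContext after Conditions and before Scoping.
    idx = next((i for i, c in enumerate(root) if c.tag == f"{{{SAMLP}}}Scoping"), len(root))
    root.insert(idx, rac)
    root.set("Destination", idp_sso_url)  # the SP addressed the request to the proxy
    return ET.tostring(root)

def rewrite_saml_request(saml_request: str, class_ref: str, idp_sso_url: str) -> str:
    xml = decode_redirect(saml_request)
    return encode_redirect(add_requested_authn_context(xml, class_ref, idp_sso_url))

# Constructed sample request (not captured from Salesforce).
SAMPLE = (b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
          b'Version="2.0" Destination="https://proxy.example/sso">'
          b'<saml:Issuer>https://sp.example</saml:Issuer>'
          b'<samlp:NameIDPolicy AllowCreate="true"/></samlp:AuthnRequest>')
```

If the SP signs redirect-binding requests, the `Signature` and `SigAlg` query parameters cover the original `SAMLRequest` value, so the proxy has to drop them or re-sign with a key the IdP trusts. The request `ID` is left unchanged so that the IdP's response still matches the request the SP issued.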
davcondev
Thanks, I didn't expect such a quick reply to that speculative question. Actually, I wasn't sure if I'd get a reply at all!