SAML-Toolkits / python3-saml


How to Create Multiple Entries for Assurance Levels #315

Closed joehellmersNOAA closed 1 year ago

joehellmersNOAA commented 1 year ago

Hello, I'd like to have the SAML request RequestedAuthnContext section generated like this.

<RequestedAuthnContext Comparison="exact">
    <AuthnContextClassRef>
    http://idmanagement.gov/ns/assurance/ial/1
    </AuthnContextClassRef>
    <AuthnContextClassRef>
    http://idmanagement.gov/ns/assurance/aal/2
    </AuthnContextClassRef>
</RequestedAuthnContext>

When I add two entries in the advanced_settings.json file

{
  "security": {
    "authnRequestsSigned": true,
    "logoutRequestSigned": true,
    "requestedAuthnContext": ["http://idmanagement.gov/ns/assurance/ial/1"],
    "requestedAuthnContext": ["http://idmanagement.gov/ns/assurance/aal/2"],
    "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "digestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256"
  }
}

I only get the second one for aal.

Thanks.

pitbulk commented 1 year ago

The settings are wrong, try:

{
  "security": {
    "authnRequestsSigned": true,
    "logoutRequestSigned": true,
    "requestedAuthnContext": ["http://idmanagement.gov/ns/assurance/ial/1", "http://idmanagement.gov/ns/assurance/aal/2"],
    "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "digestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256"
  }
}
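
Why the first settings file kept only the aal entry, and a load-time check that catches it, as an added example (not code from this thread or from python3-saml). The helper names `load_settings_strict`, `reject_duplicates`, `render_requested_authn_context` and `demo` are hypothetical, and the two JSON strings are constructed from the files quoted above.

```python
import json
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP_NS)
ET.register_namespace("saml", SAML_NS)

class DuplicateKeyError(ValueError):
    """Raised when a JSON object repeats a key."""

def reject_duplicates(pairs):
    """object_pairs_hook: fail on a repeated key instead of keeping the last one."""
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise DuplicateKeyError("duplicate JSON key: %r" % key)
        obj[key] = value
    return obj

def load_settings_strict(text):
    return json.loads(text, object_pairs_hook=reject_duplicates)

def render_requested_authn_context(class_refs, comparison="exact"):
    """Build the element the issue asks for from one list of class refs."""
    root = ET.Element("{%s}RequestedAuthnContext" % SAMLP_NS, {"Comparison": comparison})
    for ref in class_refs:
        ET.SubElement(root, "{%s}AuthnContextClassRef" % SAML_NS).text = ref
    return ET.tostring(root, encoding="unicode")

# Constructed inputs modelled on the two settings files in the thread.
DUPLICATED = '''{"security": {
  "requestedAuthnContext": ["http://idmanagement.gov/ns/assurance/ial/1"],
  "requestedAuthnContext": ["http://idmanagement.gov/ns/assurance/aal/2"]}}'''
CORRECTED = '''{"security": {"requestedAuthnContext": [
  "http://idmanagement.gov/ns/assurance/ial/1",
  "http://idmanagement.gov/ns/assurance/aal/2"]}}'''

def demo():
    # Default parser: the last duplicate wins, so the ial/1 entry is silently dropped.
    lenient = json.loads(DUPLICATED)["security"]["requestedAuthnContext"]
    try:
        load_settings_strict(DUPLICATED)
        strict_rejected = False
    except DuplicateKeyError:
        strict_rejected = True
    refs = load_settings_strict(CORRECTED)["security"]["requestedAuthnContext"]
    return lenient, strict_rejected, render_requested_authn_context(refs)
```

Calling `demo()` returns the surviving list from the lenient parse, whether the strict loader rejected the duplicated file, and the rendered element with both class refs in order.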