Open FreddyKaiser opened 9 years ago
For 1) I had to define a specific ClaimRule in order to provide the right Authentication Method back. Not sure if this is the only way it has to be done, or how it would take the one defined as a claim in the source code of the MID ADFS Module.
1) AuthnContext (AuthenticationStatement) should be urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract and not <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
2) Entire X509 Certificate of the signer
3) (Optional) Serial number of the DN. This should also be possible to be set as NameID
4) SubscriberInfo (if present)
Reference of Claims https://technet.microsoft.com/en-us/library/dn280937.aspx