instipod / DuoUniversalKeycloakAuthenticator

Keycloak Authenticator for Duo's new Universal Prompt
GNU General Public License v3.0

Add an AuthnContextClassRef? #10

Closed menardorama closed 1 year ago

menardorama commented 1 year ago

Hi

I don't really know if I am hitting the right place but we implemented your provider and it's working great.

But on some SAML clients it lacks the AuthnContextClassRef information saying that the session was created using a valid SecondFactor.

I honestly don't know if it is a Keycloak feature or dependent on your provider.

Thanks

instipod commented 1 year ago

I believe this feature would have to be implemented by Keycloak. The authenticator has no knowledge of the current authenticator request being performed for a SAML client or OIDC client. However, in my research I stumbled upon https://issues.redhat.com/projects/KEYCLOAK/issues/KEYCLOAK-5224 which looks like AuthnContextClassRef sending with Keycloak as IDP is currently not supported.

menardorama commented 1 year ago

OK thanks a lot
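
An added example, not part of the thread and not code from the authenticator or from Keycloak: how a SAML service provider might inspect the AuthnContextClassRef the question refers to, and what it sees when the element is absent. The assertion fragments are constructed, the accepted class list is an assumed SP policy, and signature validation is assumed to have been done before this check.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed SP policy: context classes this service accepts as proof of a second factor.
ACCEPTED_MFA_CLASSES = {
    "https://refeds.org/profile/mfa",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken",
}

# Constructed, unsigned assertion trimmed to the AuthnStatement (sample input only).
ASSERTION_TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z">
    <saml:AuthnContext>{ref}</saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def make_assertion(class_ref=None):
    """Build a sample assertion; class_ref=None models an IdP that sends no class ref."""
    ref = ""
    if class_ref is not None:
        ref = f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
    return ASSERTION_TEMPLATE.format(ref=ref)


def authn_context_classes(assertion_xml):
    """Return every AuthnContextClassRef value found in the (already verified) XML."""
    root = ET.fromstring(assertion_xml)
    path = ".//saml:AuthnContext/saml:AuthnContextClassRef"
    return [(el.text or "").strip() for el in root.findall(path, NS)]


def check_second_factor(assertion_xml):
    """Classify the assertion as 'missing', 'insufficient' or 'mfa' under the policy."""
    classes = authn_context_classes(assertion_xml)
    if not classes:
        return "missing"  # fail closed: no statement about how the user authenticated
    if any(c in ACCEPTED_MFA_CLASSES for c in classes):
        return "mfa"
    return "insufficient"


if __name__ == "__main__":
    password_only = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    for ref in (None, password_only, "https://refeds.org/profile/mfa"):
        print(ref, "->", check_second_factor(make_assertion(ref)))
```

A service provider that enforces such a policy has to treat "missing" as a failure, which is why the absent element matters to the SAML clients mentioned in the question.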