Hi All,
I am working on a project where PicketLink is being used as the SP and Microsoft ADFS is the IDP. PicketLink version 2.6, JBoss EAP 6.4.
We have a requirement that the SP should always request X509 or TLS certificate authentication, i.e. we want the SAML authentication request to look like this:
<samlp:AuthnRequest ...>
  ...
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
  ...
</samlp:AuthnRequest>
Seems like this should be in the SAML2 Authentication Handler (SAML2AuthenticationHandler - PicketLink - Project Documentation Editor), but I don't see it there.
Does anyone have any pointers on how we might accomplish this requirement?
Cheers!
Shane
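An added example, not part of the original post and not PicketLink code: it does not configure the SP, it only checks whether a captured AuthnRequest carries the RequestedAuthnContext shown in the post. The function names and the sample request builder are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
X509_CLASS = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"


def check_requested_authn_context(xml_text, required=X509_CLASS):
    """Return a list of problems; an empty list means the request matches."""
    # Input is assumed to be a request captured from your own SP;
    # use a hardened parser such as defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        return ["root element is not samlp:AuthnRequest"]
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return ["no RequestedAuthnContext: the IdP may choose any method"]
    problems = []
    # SAML 2.0 core: Comparison defaults to "exact" when the attribute is absent.
    comparison = rac.get("Comparison", "exact")
    if comparison != "exact":
        problems.append("Comparison is %r, expected 'exact'" % comparison)
    refs = [(e.text or "").strip()
            for e in rac.findall("saml:AuthnContextClassRef", NS)]
    if required not in refs:
        problems.append("required class ref missing: " + required)
    extra = [r for r in refs if r != required]
    if extra:
        problems.append("other class refs also accepted: " + ", ".join(extra))
    return problems


def sample_request(inner):
    """Build a constructed AuthnRequest around the given inner XML."""
    return ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" '
            'ID="_constructed" Version="2.0">%s</samlp:AuthnRequest>'
            % (NS["samlp"], NS["saml"], inner))


if __name__ == "__main__":
    wanted = ('<samlp:RequestedAuthnContext Comparison="exact">'
              '<saml:AuthnContextClassRef>%s</saml:AuthnContextClassRef>'
              '</samlp:RequestedAuthnContext>' % X509_CLASS)
    for label, req in (("with context", sample_request(wanted)),
                       ("without context", sample_request(""))):
        print(label, "->", check_requested_authn_context(req) or "OK")
```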