Require X509 certificate from AuthNType

Version 1

    Hi All,

     

    I am working on a project where picketlink is being used as the SP, Microsoft ADFS is the IDP. Picketlink version 2.6, JBOSS EAP 6.4

     

    We have a requirement that the SP should always request X509 or TLS certificate authentication, ie. we want the SAML Authentication request to look like this

     

    <samlp:AuthnRequest ...">
      ...
      <samlp:RequestedAuthnContext Comparison="exact">
       <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>
      </samlp:RequestedAuthnContext>

    ...
    </samlp:AuthnRequest>


    Seems like this should be in the SAML2 Authentication Handler SAML2AuthenticationHandler - PicketLink - Project Documentation Editor but I don't see it there.


    Does anyone have any pointers on how we might accomplish this requirement?


    Cheers!


    Shane