
AuthnContext is not respected as policy

Open peppelinux opened this issue 5 years ago • 0 comments

Even if an SP made an AuthnRequest with a proper AuthnContext as follows

    <samlp:RequestedAuthnContext Comparison="minimum">
        <saml:AuthnContextClassRef>
            that-policy
        </saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>

if the IdP successfully replies with a Response with an absent, unvalued, or malformed AuthnContext, the SP takes the Response as good. Here are some examples of those invalid assertions in pysaml2 Responses:

            <saml:AuthnContext>
                <saml:AuthnContextClassRef>
                    something-different
                </saml:AuthnContextClassRef>
            </saml:AuthnContext>

I wonder whether it would make sense to consider a list of valid AuthnContexts on which to apply the SP's internal policy.

peppelinux Jan 24 '21 14:01
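The check the issue asks for, as an added example written for this page and not code from pysaml2 or from the issue author: the SP keeps its own ordered list of acceptable AuthnContextClassRef values (SAML Core 2.0 leaves the strength ordering deployment-specific, so the list and the class URIs used here are an assumption for illustration) and rejects a Response whose AuthnContextClassRef is absent, empty, unranked, or not acceptable under the requested Comparison. It uses only the standard library and a constructed minimal Response, so it runs offline.

```python
"""Validate the AuthnContext of a SAML Response against what the SP requested.

Added example, not pysaml2 code. The strength ordering of context classes
(SP_CONTEXT_ORDER) is an assumed SP policy, weakest to strongest.
"""
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Standard SAML class URIs, used here only to populate an assumed SP policy.
PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
SMARTCARD_PKI = "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"

# Hypothetical SP policy: every class the SP accepts, weakest to strongest.
SP_CONTEXT_ORDER = [PASSWORD, PPT, SMARTCARD_PKI]


class AuthnContextError(ValueError):
    """Raised when the Response's AuthnContext does not satisfy the request."""


def extract_authn_context(response_xml):
    """Return the single, non-empty AuthnContextClassRef of the AuthnStatement."""
    root = ET.fromstring(response_xml)
    refs = root.findall(
        ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS
    )
    if len(refs) != 1:
        raise AuthnContextError("expected one AuthnContextClassRef, got %d" % len(refs))
    value = (refs[0].text or "").strip()  # IdPs often pad the value with whitespace
    if not value:
        raise AuthnContextError("AuthnContextClassRef is empty")
    return value


def check_authn_context(got, requested, comparison="exact", order=SP_CONTEXT_ORDER):
    """Apply the RequestedAuthnContext Comparison semantics (SAML Core 3.3.2.2.1)
    using the SP's own ranking. Returns the accepted class or raises."""
    if comparison == "exact":
        ok = got in requested
    elif comparison in ("minimum", "maximum", "better"):
        rank = {cls: i for i, cls in enumerate(order)}
        if got not in rank:
            raise AuthnContextError("unranked AuthnContextClassRef %r" % got)
        wanted = [rank[cls] for cls in requested if cls in rank]
        if not wanted:
            raise AuthnContextError("no requested class is ranked by SP policy")
        if comparison == "minimum":      # at least as strong as one requested
            ok = rank[got] >= min(wanted)
        elif comparison == "maximum":    # no stronger than any requested
            ok = rank[got] <= max(wanted)
        else:                            # better: stronger than every requested
            ok = rank[got] > max(wanted)
    else:
        raise AuthnContextError("unknown Comparison %r" % comparison)
    if not ok:
        raise AuthnContextError("%r does not satisfy %s of %r" % (got, comparison, requested))
    return got


def validate_response(response_xml, requested, comparison="exact"):
    """Full SP-side check: parse the Response, then enforce the policy."""
    return check_authn_context(extract_authn_context(response_xml), requested, comparison)


def is_acceptable(response_xml, requested, comparison="exact"):
    """Boolean wrapper around validate_response for callers that only need a verdict."""
    try:
        validate_response(response_xml, requested, comparison)
        return True
    except AuthnContextError:
        return False


def sample_response(class_ref=None, include_context=True):
    """Constructed minimal Response for this example; not a real IdP message."""
    ctx = ""
    if include_context:
        ctx = ("<saml:AuthnContext><saml:AuthnContextClassRef>\n    %s\n"
               "</saml:AuthnContextClassRef></saml:AuthnContext>" % (class_ref or ""))
    return (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0">'
        '<saml:Assertion ID="_a1" Version="2.0">'
        '<saml:AuthnStatement AuthnInstant="2021-01-24T14:01:00Z">%s</saml:AuthnStatement>'
        "</saml:Assertion></samlp:Response>" % (NS["samlp"], NS["saml"], ctx)
    )


if __name__ == "__main__":
    # The request from the issue: Comparison="minimum" for one class.
    for resp in (sample_response(PPT), sample_response("something-different"),
                 sample_response(""), sample_response(include_context=False)):
        print(is_acceptable(resp, [PPT], "minimum"))
```

The parse step is deliberately strict about cardinality: an Assertion carrying zero or several AuthnContextClassRef elements is rejected rather than picking one, and a class the SP has not ranked is rejected under minimum/maximum/better instead of being compared, which is what lets the unexpected "something-different" value from the issue fail.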