itfoxtec-identity-saml2

ITfoxtec SAML 4.8.8: Completely ignore validation of AuthnContext


We are using the latest version of ITFoxtec (4.8.8) to parse SAML2 responses received from our IdP.

The AuthnContext looks like this:

<saml:AuthnContext>
<saml:AuthnContextDeclRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextDeclRef>
</saml:AuthnContext>

Unfortunately, while calling ReadSamlResponse

var genericSamlRequest = Request.ToGenericHttpRequest();
var binding = new Saml2PostBinding();
var authResponse = new Saml2AuthnResponse(configuration);
binding.ReadSamlResponse(genericSamlRequest, authResponse);

we are getting the following null exception:

at Microsoft.IdentityModel.Tokens.Saml2.Saml2AuthenticationContext.set_ClassReference(Uri value)
at Microsoft.IdentityModel.Tokens.Saml2.Saml2Serializer.ReadAuthenticationContext(XmlDictionaryReader reader)

Is there any workaround or way to ignore the AuthnContext entirely during SAML validation?

This code fails and we have no idea how to bypass it:

var binding = new Saml2PostBinding(); 
var authResponse = new Saml2AuthnResponse(configuration);
binding.ReadSamlResponse(genericSamlRequest, authResponse);

We cannot modify the response because it is encrypted and signed; the signature validation would fail.


Solution

  • The AuthnContextDeclRef is not supported, but it should be removed in this line.

    The AuthnContextClassRef is supported:

    <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
    </saml:AuthnContext>
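As an added example, not code from the question, the answer or the ITfoxtec project: a small Python triage check run over a decrypted assertion (assumed to come from the IdP's test output or the SP's debug logging, since the live response is encrypted) that reports whether the AuthnContext carries the supported AuthnContextClassRef or only the AuthnContextDeclRef that appears in the stack trace, so the IdP configuration can be corrected instead of guessed at from the null exception.

```python
# Added example, not part of the original question/answer or the ITfoxtec library.
# Triage a DECRYPTED SAML 2.0 assertion: report which AuthnContext reference it carries.
# AuthnContextClassRef is handled (per the answer); AuthnContextDeclRef is the element
# that reached Saml2Serializer.ReadAuthenticationContext without a class reference and
# produced the null exception in the question. Inspection only: signature, encryption
# and condition validation stay with the SAML library.
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def inspect_authn_context(assertion_xml: str) -> tuple:
    """Return (kind, value) with kind in {"ClassRef", "DeclRef", "missing"}."""
    root = ET.fromstring(assertion_xml)
    # Works whether the root is <saml:Assertion> or a wrapping <samlp:Response>.
    ctx = root.find(".//saml:AuthnStatement/saml:AuthnContext", SAML_NS)
    if ctx is None:
        return ("missing", None)
    for kind in ("ClassRef", "DeclRef"):  # checked in this order; ClassRef reported first
        ref = ctx.find(f"saml:AuthnContext{kind}", SAML_NS)
        if ref is not None and ref.text and ref.text.strip():
            return (kind, ref.text.strip())
    return ("missing", None)

def triage(assertion_xml: str) -> str:
    """Turn the inspection result into an actionable message for IdP/SP operators."""
    kind, value = inspect_authn_context(assertion_xml)
    if kind == "ClassRef":
        return f"ok: AuthnContextClassRef={value}"
    if kind == "DeclRef":
        return (f"unsupported: assertion carries only AuthnContextDeclRef={value}; "
                "ask the IdP to emit AuthnContextClassRef instead")
    return "missing: no AuthnContextClassRef/AuthnContextDeclRef in AuthnStatement"

# Constructed sample assertions (unsigned, unencrypted; element shapes taken from the thread).
_TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnStatement AuthnInstant="2000-01-01T00:00:00Z">
    <saml:AuthnContext>{ref}</saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
DECLREF_ASSERTION = _TEMPLATE.format(
    ref=f"<saml:AuthnContextDeclRef>{UNSPECIFIED}</saml:AuthnContextDeclRef>")
CLASSREF_ASSERTION = _TEMPLATE.format(
    ref=f"<saml:AuthnContextClassRef>{UNSPECIFIED}</saml:AuthnContextClassRef>")

if __name__ == "__main__":
    print(triage(DECLREF_ASSERTION))   # the shape from the question
    print(triage(CLASSREF_ASSERTION))  # the shape from the answer
```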