How to check which one is already set by default on ADFS and how to edit it. Can we add more than one authentication context?

Question
Environment:
- ADFS 4.0
- Windows Server 2016

Requirement Description:
In SAML 2.0, there are 25 types of Authentication Context Types XML Schema. Please assist me in understanding the following configuration.
Kindly let me know how to check which one is already set by default on ADFS and how to edit it. Can we add more than one authentication context?
For reference:
http://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf
List of authentication context type schemas:
- urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword
- urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol
- urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos
- urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered
- urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered
- urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract
- urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract
- urn:oasis:names:tc:SAML:2.0:ac:classes:Password
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
- urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession
- urn:oasis:names:tc:SAML:2.0:ac:classes:X509
- urn:oasis:names:tc:SAML:2.0:ac:classes:PGP
- urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI
- urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig
- urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
- urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI
- urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI
- urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony
- urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony
- urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalTelephony
- urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony
- urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword
- urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
- urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
- urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
Regards, S.P Singh
Saturday, August 10, 2019 5:46 PM
All replies
(Get-AdfsProperties).AuthenticationContextOrder.OriginalString
urn:oasis:names:tc:SAML:2.0:ac:classes:Password
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
urn:oasis:names:tc:SAML:2.0:ac:classes:X509
urn:federation:authentication:windows
urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos
This is what's there by default.
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
- Proposed as answer by Hamid Sadeghpour SalehMVP Thursday, September 5, 2019 7:52 AM
- Marked as answer by Hamid Sadeghpour SalehMVP Thursday, September 5, 2019 7:53 AM
Saturday, August 10, 2019 10:00 PM

Thanks Pierre Audonnet,
Can we add more authentication context and also remove default authentication context? If yes, how can we do this? Kindly provide your assistance.
Regards, S.P Singh
Sunday, August 11, 2019 10:09 AM

Thanks Pierre Audonnet,
Can we add more authentication context and also remove default authentication context? If yes, how can we do this? Kindly provide your assistance.
Regards, S.P Singh
Tuesday, August 13, 2019 2:11 AM
Thanks Pierre Audonnet,
Can we add more authentication context and also remove default authentication context? If yes, how can we do this? Kindly provide your assistance.
Regards, S.P Singh
Kindly assist.
Regards, S.P Singh
- Proposed as answer by Jorrk Friday, August 16, 2019 12:02 PM
- Marked as answer by Hamid Sadeghpour SalehMVP Thursday, September 5, 2019 7:52 AM
Friday, August 16, 2019 12:02 PM
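
The answer in this thread only reads the setting. The PowerShell below is an added example, not part of any post here: it reads the current order, saves a copy, and builds a modified order for Set-AdfsProperties -AuthenticationContextOrder, whose help describes the array as ordered by relative strength, so position matters. The class added, the class it is placed after, the class removed and the backup path are illustrative assumptions.

```powershell
# Added example, not from the thread. Run elevated on the primary AD FS server.
# Default order as printed by Get-AdfsProperties in the answer above.
$defaultOrder = @(
    'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
    'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
    'urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient'
    'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'
    'urn:federation:authentication:windows'
    'urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos'
)

# Illustrative choices (assumptions, not recommendations from the thread).
$toAdd      = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard'
$addAfter   = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'
$toRemove   = @('urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient')
$backupPath = Join-Path $env:TEMP 'adfs-authn-context-order.bak.txt'  # hypothetical path

# 1. Read the current order as plain strings and keep a copy for rollback.
$current = @((Get-AdfsProperties).AuthenticationContextOrder |
    ForEach-Object { $_.OriginalString })
if ($current.Count -eq 0) { throw 'AuthenticationContextOrder is empty; nothing to edit.' }
$current | Set-Content -Path $backupPath -Encoding UTF8

# 2. Report whether the farm already differs from the default (order-sensitive).
$drift = Compare-Object -ReferenceObject $defaultOrder -DifferenceObject $current -SyncWindow 0
if ($drift) {
    Write-Warning 'Current order differs from the default shown in the thread:'
    $drift | Format-Table -AutoSize
}

# 3. Build the new order: drop unwanted classes, then insert the new one exactly once.
$new = [System.Collections.Generic.List[string]]::new()
foreach ($urn in $current) {
    if ($toRemove -contains $urn -or $urn -eq $toAdd) { continue }
    $new.Add($urn)
    if ($urn -eq $addAfter) { $new.Add($toAdd) }
}
if (-not $new.Contains($toAdd)) { $new.Add($toAdd) }  # anchor not present: append at the end

# 4. Preview the change. Remove -WhatIf to commit it.
Set-AdfsProperties -AuthenticationContextOrder ([uri[]]$new.ToArray()) -WhatIf

# Rollback: Set-AdfsProperties -AuthenticationContextOrder ([uri[]](Get-Content $backupPath))
```

After committing, rerun (Get-AdfsProperties).AuthenticationContextOrder.OriginalString to confirm the stored order, and test sign-in for relying parties that send a RequestedAuthnContext before removing any class in production.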