In some cases, the Service Provider is itself an IDP that receives requests from other SPs (relying parties) and relies on Audkenni for the actual authentication. This scenario is shown in the picture below.

...

In this scenario, Audkenni mandates that the name of the RelatedPartyParty is provided in the AuthnRequest as an extension attribute named audkenni:relatedPartyParty, e.g.:

...

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                     AssertionConsumerServiceURL="http://localhost:8080/saml/SSO"
                     Destination="https://idp-dev.audkenni.is/sso/SSORedirect/metaAlias/audkenni/idp"
                     ForceAuthn="false"
                     ID="a57h5jf2jdffa5553d58332jc831g7b"
                     IsPassive="false"
                     IssueInstant="2019-11-28T13:27:04.831Z"
                     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                     Version="2.0">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">com:audkenni:spring:sp</saml2:Issuer>
  <md:Extensions xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
    <audkenni:relatedPartyParty xmlns:audkenni="urn:audkenni">Example client</audkenni:relatedPartyParty>
    <audkenni:signingMessage xmlns:audkenni="urn:audkenni">Login to example client</audkenni:signingMessage>
  </md:Extensions>
  <saml2p:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract</saml:AuthnContextClassRef>
  </saml2p:RequestedAuthnContext>
</saml2p:AuthnRequest>
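
An added example, not part of the Audkenni documentation: one way a proxying IDP could build the request above with an XML library, so that the relying-party name is escaped rather than concatenated into the markup. The function name and the `KNOWN_RELYING_PARTIES` registry are assumptions for illustration; the element names are used as printed on this page.

```python
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
AUDKENNI = "urn:audkenni"
for _prefix, _uri in (("saml2p", SAMLP), ("saml2", SAML), ("md", MD), ("audkenni", AUDKENNI)):
    ET.register_namespace(_prefix, _uri)

# Hypothetical registry (constructed sample data): entityID of each downstream SP
# allowed to use this proxy, mapped to the display name sent to Audkenni.
KNOWN_RELYING_PARTIES = {
    "https://client.example/sp": "Example client",
    "https://rnd.example/sp": "R&D <Portal>",  # name containing XML metacharacters
}


def build_authn_request(downstream_entity_id, issuer, acs_url, destination):
    """Return the AuthnRequest XML the proxy sends to Audkenni for one downstream SP."""
    # Look the name up locally; never copy it from the incoming request.
    if downstream_entity_id not in KNOWN_RELYING_PARTIES:
        raise ValueError("unregistered relying party: %r" % downstream_entity_id)
    party_name = KNOWN_RELYING_PARTIES[downstream_entity_id]

    now = datetime.now(timezone.utc)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "AssertionConsumerServiceURL": acs_url,
        "Destination": destination,
        "ForceAuthn": "false",
        "ID": "_" + secrets.token_hex(16),  # fresh, unpredictable ID per request
        "IsPassive": "false",
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z",
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "Version": "2.0",
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    ext = ET.SubElement(req, f"{{{MD}}}Extensions")
    # .text assignment makes the serializer escape &, < and > in the name.
    ET.SubElement(ext, f"{{{AUDKENNI}}}relatedPartyParty").text = party_name
    ET.SubElement(ext, f"{{{AUDKENNI}}}signingMessage").text = f"Login to {party_name}"
    rac = ET.SubElement(req, f"{{{SAMLP}}}RequestedAuthnContext", {"Comparison": "exact"})
    ET.SubElement(rac, f"{{{SAML}}}AuthnContextClassRef").text = (
        "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract")
    return ET.tostring(req, encoding="unicode")
```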

2.3. Response

NameID

The social security number of the user is set as the NameID in the authentication response.

...

In the SAML Assertion, the following attributes are returned:

  • nationalRegisterId

    • The social security number

  • certificate

    • The certificate generated by the authenticator as a result of the user authentication

...