Overriding Options Per Request
The Rock Solid Knowledge SAML SP component supports overriding service provider configuration options per challenge request using SamlChallengeProperties.
The following options are overridable per request:
ForceAuthentication: Sets the ForceAuthn attribute on generated SAML requests, requesting that the IdP re-authenticate the user
AllowedIdPs: An advisory list of identity providers that are deemed acceptable to respond to the authentication request
Subject: Sets the optional "Subject" element in the SAML authentication request. Details about this property can be found at Authentication Request Subject.
Usage
SamlChallengeProperties can be used to set configuration options for an authentication session.
    // Challenge the "saml-idp" scheme, overriding AllowedIdPs for this request only.
    await HttpContext.ChallengeAsync("saml-idp", new SamlChallengeProperties
    {
        AllowedIdPs = new List<string>
        {
            "urn:identityserver",
            "https://localhost:5000/saml/"
        }
    });
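Because ForceAuthentication only requests re-authentication from the IdP, a step-up flow should also check on return that the login really is fresh. The following is an added example, not code from Rock Solid Knowledge or the original page. The controller, route, five-minute window, and the mapping of the assertion's AuthnInstant to ClaimTypes.AuthenticationInstant are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
// Plus the namespace of your installed package that declares SamlChallengeProperties.

[Authorize]
public class PayoutController : Controller // hypothetical controller and route
{
    // Assumption: a login older than this is too stale for the protected action.
    private static readonly TimeSpan MaxAuthAge = TimeSpan.FromMinutes(5);

    [HttpGet("/payout/confirm")]
    public async Task<IActionResult> Confirm(bool reauth = false)
    {
        if (IsRecentLogin(User, DateTimeOffset.UtcNow)) return View();
        // Back from the IdP and still stale: the request was not honoured. Stop, do not loop.
        if (reauth) return Forbid();

        await HttpContext.ChallengeAsync("saml-idp", new SamlChallengeProperties
        {
            ForceAuthentication = true, // per-request override from this page
            AllowedIdPs = new List<string> { "urn:identityserver" },
            RedirectUri = Url.Action(nameof(Confirm), new { reauth = true })
        });
        return new EmptyResult();
    }

    // ForceAuthn only asks the IdP to re-authenticate, so check the result locally.
    // Assumption: the assertion's AuthnInstant surfaces as ClaimTypes.AuthenticationInstant.
    internal static bool IsRecentLogin(ClaimsPrincipal user, DateTimeOffset now)
    {
        var raw = user.FindFirst(ClaimTypes.AuthenticationInstant)?.Value;
        if (!DateTimeOffset.TryParse(raw, CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal, out var instant))
            return false; // missing or unparseable: treat as stale
        var age = now - instant;
        // Tolerate one minute of clock skew between SP and IdP.
        return age >= TimeSpan.FromMinutes(-1) && age <= MaxAuthAge;
    }
}
```

AllowedIdPs is advisory in the same way, so the issuer of the returned assertion should still be checked against the identity providers the application trusts.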