How to customize AuthnRequest by scripting


Scenario: Any RP -> Identify -> SAML 2.0 IdP
In this login flow, Identify needs to send an AuthnRequest to an IdP. The purpose of this task is to let a customer easily customize the AuthnRequest object right after it is created. You can view this as a PostAuthnRequestCreated event.

In this demonstration we will use ADFS as the IdP.

[Figure 1]

The AuthnRequest object highlighted above is the target we need to customize by scripting. Assume that we have already set up a SAML 2.0 protocol connection for the RP and a SAML SignOn Authentication connection for ADFS in Identify Web Administration – Connections.

Click on ADFS Local to open the edit connection page and scroll to the bottom.

[Figure 3]


There is an AuthnRequest object customization text box where we can enter our customization script to modify the AuthnRequest object right after it is created, before it is sent to the IdP. At first, leave this text box empty and perform a SignOn action, then capture the SAMLRequest parameter and decode it.

[Figure 4]

Now let's go back to the ADFS Local connection, edit it, and set the AssertionConsumerServiceIndex property.

[Figure 5]

[Figure 6]

Click Save & Close, perform a SignOn action again and see what is sent to ADFS Local. As you can see, the AuthnRequest now has one more attribute, AssertionConsumerServiceIndex, and its value is 1.

[Figure 7]

Next, try adjusting the ProtocolBinding property.

[Figure 8]

And this is the result:

[Figure 9]
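To make the "capture the SAMLRequest parameter and decode it" step repeatable, here is an added Python helper that is not part of Identify or of this article: it decodes a captured SAMLRequest value for either the HTTP-Redirect binding (DEFLATE + base64) or the HTTP-POST binding (base64 only) and lists the AuthnRequest attributes, so you can confirm that AssertionConsumerServiceIndex and ProtocolBinding carry the values your customization script set. The sample request, its hostnames and its ID are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

def decode_saml_request(value: str) -> str:
    """Turn a captured SAMLRequest parameter value back into AuthnRequest XML.
    Redirect binding: DEFLATE, then base64, then URL-encoded. POST binding: base64 only.
    Plain XML starts with '<'; a single-block raw DEFLATE stream has BFINAL set, so
    its first byte is odd and can never be '<' (requests under zlib's ~16 KB block size).
    """
    raw = base64.b64decode(unquote(value))
    if raw.startswith(b"<"):
        return raw.decode("utf-8")
    return zlib.decompress(raw, -15).decode("utf-8")  # -15: raw DEFLATE, no zlib header

def authn_request_attributes(xml_text: str) -> dict:
    """Return the attributes of the <samlp:AuthnRequest> root element."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        raise ValueError("not a SAML 2.0 AuthnRequest: " + root.tag)
    return dict(root.attrib)

def encode_redirect(xml_text: str) -> str:
    """Encode XML as the Redirect binding does (used here to build sample input)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")

def encode_post(xml_text: str) -> str:
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")  # POST binding

# Constructed sample request: hostnames and ID are placeholders, not a real capture.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_placeholder-id" '
    'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'Destination="https://adfs.example.test/adfs/ls/" '
    'AssertionConsumerServiceIndex="1" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
    '<saml:Issuer>https://identify.example.test/</saml:Issuer>'
    '</samlp:AuthnRequest>'
)

if __name__ == "__main__":
    attrs = authn_request_attributes(decode_saml_request(encode_redirect(SAMPLE_AUTHN_REQUEST)))
    for name in ("AssertionConsumerServiceIndex", "ProtocolBinding"):
        print(name, "=", attrs.get(name, "<absent>"))
```

For a real capture, pass the SAMLRequest value exactly as it appears in the query string or form field; the helper URL-decodes it itself.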

Available AuthnRequest properties that could be customized

