When trying to use the ITfoxtec.Identity.Saml2 library with the test example /TestWebAppCoreNemLogin3Sp, I get the error AADSTS900235: SAML authentication request's RequestedAuthenticationContext Comparison value must be 'exact'. Received value: 'Minimum'.
appsettings.json:

    "Issuer": "https://login.microsoftonline.com/01ec0a12-bbce-40b2-9f30-60c2bf9767c6/saml2", //"https://saml.itfoxtecidentitysaml2-dev.sample/public",
    "IdPMetadataFile": "XXXXXX.xml",
    "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "CertificateValidationMode": "None", // "ChainTrust", //
    "RevocationMode": "NoCheck", // "Online" //
    "authnContext": "http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/windows",
    "identifierFormat": null

The XML file has been generated on the Enterprise Application to federate with SAML.
Why does the error occur? Is there something missing to configure?
It should be possible to resolve the problem by setting Comparison = AuthnContextComparisonTypes.Exact.

    RequestedAuthnContext = new RequestedAuthnContext
    {
        Comparison = AuthnContextComparisonTypes.Exact,
        AuthnContextClassRef = new string[]
        {
            "https://somedomain.org/xxxx/yyyy"
        },
    }

Link to the code: https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/blob/main/test/TestWebAppCoreNemLogin3Sp/Controllers/AuthController.cs#L40
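
To confirm what the SP actually puts on the wire, the following added example (not part of the original posts or of the ITfoxtec library, and written in Python so it runs independently of the web app) decodes the SAMLRequest parameter from a login redirect URL and reports the RequestedAuthnContext Comparison value. It assumes the HTTP-Redirect or HTTP-POST encoding; the function names, the sample request and the idp.example URL are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_saml_request(value):
    """Base64-decode a SAMLRequest and inflate it if it is DEFLATE-compressed."""
    raw = base64.b64decode(value)
    try:
        return zlib.decompress(raw, -15)  # HTTP-Redirect: raw DEFLATE, no header
    except zlib.error:
        return raw                        # HTTP-POST: base64 of the XML only

def requested_authn_context(xml_bytes):
    """Return (comparison, class_refs), or None when no context is requested."""
    if b"<!DOCTYPE" in xml_bytes:         # SAML messages never carry a DTD
        raise ValueError("DTD in SAML message")
    rac = ET.fromstring(xml_bytes).find(f"{{{SAMLP}}}RequestedAuthnContext")
    if rac is None:
        return None
    refs = [e.text.strip() for e in rac.iter(f"{{{SAML}}}AuthnContextClassRef") if e.text]
    return rac.get("Comparison", "exact"), refs  # omitted attribute means "exact"

def comparison_is_exact(redirect_url):
    """True if the request carries no Comparison value other than 'exact'."""
    value = parse_qs(urlparse(redirect_url).query)["SAMLRequest"][0]
    ctx = requested_authn_context(decode_saml_request(value))
    return ctx is None or ctx[0] == "exact"

def build_sample_url(comparison):
    """Constructed sample: a minimal AuthnRequest on a placeholder IdP URL."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
           f'<samlp:RequestedAuthnContext Comparison="{comparison}">'
           '<saml:AuthnContextClassRef>https://somedomain.org/xxxx/yyyy'
           '</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>'
           '</samlp:AuthnRequest>').encode()
    deflater = zlib.compressobj(wbits=-15)
    packed = base64.b64encode(deflater.compress(xml) + deflater.flush()).decode()
    return "https://idp.example/saml2?SAMLRequest=" + quote(packed, safe="")

if __name__ == "__main__":
    for comparison in ("minimum", "exact"):
        url = build_sample_url(comparison)
        print(comparison, "->", "exact" if comparison_is_exact(url) else "not exact")
```

Paste the redirect URL captured from the browser's network tab into `comparison_is_exact` to check a real request generated by your own SP.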