Assistance with Extending SAML AuthnRequest for AppSwitch Property
According to the NemLog-in documentation for the app switch feature (9.7 Mobile app-switch), I need to add the AppSwitch property to the SAML request.
However, I am using FoxIDs as an OpenID-to-SAML service and cannot find a way to include the AppSwitch property in the requests FoxIDs generates for the third-party IdP.
It should be like:
<?xml version="1.0"?>
<samlp:AuthnRequest
ID="id9eb5dd256c25461584a2796994feab1d"
...
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>https://sp3.dev-nemlog-in.dk</saml:Issuer>
<samlp:Extensions>
<nl:AppSwitch xmlns:nl="https://data.gov.dk/eid/saml/extensions">
<nl:Platform>Android</nl:Platform>
<nl:ReturnURL>dk.serviceprovider.test</nl:ReturnURL>
</nl:AppSwitch>
</samlp:Extensions>
...
</samlp:AuthnRequest>
How can I achieve this?
You can configure app-switch as extension XML in the authentication method. You can also alternatively configure multiple profiles in a authentication method with different extension XML. Authentication method profiles can be also be selected as allowed authentication methods in your application.
Click Show advanced to add extension XML and optionally profiles.
You can redirect back to your Android app URL dk.serviceprovider.test by adding this XML as extension XML.
<nl:AppSwitch xmlns:nl="https://data.gov.dk/eid/saml/extensions">
<nl:Platform>Android</nl:Platform>
<nl:ReturnURL>dk.serviceprovider.test</nl:ReturnURL>
</nl:AppSwitch>
In the authentication method
or in a profile
FoxIDs documentation about connecting to NemLog-in, see section 3) - Optionally - Configure MitID app-switch to mobile app.
- Assistance with Extending SAML AuthnRequest for AppSwitch Property
- Configuring SAML2: Bypassing 'InResponseTo' Validation While Retaining Default Settings in OpenSaml4AuthenticationProvider
- How to set up AWS Client VPN with Keycloak as IdP
- Response doesn't have any valid assertion which would pass subject validation
- Validate signed assertion embedded in SAMLResponse
- CORS issue using Angular application calling a .NET Core API using Sustainsys.Saml2 library and Azure Active Directory as Identity Provicer
- Logging into SAML/Shibboleth authenticated server using python
- SimpleSAML\Error\Exception: Could not find the metadata of an IdP with entity ID
- Security concerns with providing SAML metadata on public URL
- How to get a SAML token from ADFS sever to pull data from dynamics CRM on-premises (non-sdk) in c#?
- How to add ForceAuthn flag on AWS cognito
- Python Requests - SAML Login Redirect
- How to get SAML token using C#/ASP.NET
- Simple way to put AWS Lambda app behind SAML authentication
- Why wouldn't the IdP initiate contact with the SP in a SAML 2.0 SSO integration?
- How to solve the xmlsec Error: (100, 'lxml & xmlsec libxml2 library version mismatch')
- Mendix and Azure Ad B2C AuthRequest does not have assertion consumer service URL
- Authenticate requests session with login.microsoftonline.com
- Python SSO: pysaml2 and python3-saml
- How to create public and private key with OpenSSL?
- How to change NameID in SimpleSAMLphp
- Add SHA1 to signxml python
- What causes a Responder status in a SAML response
- How to validate a SAML token from ADFS 3.0 in an ASP.NET Core Web API
- Moodle intergration with ADFS--Plugin SAML2 Single sign on
- Python Django ModelViewSet implementation with SAML ACS
- openconnect with gp does not prompt for SAML authentication in command line
- Integrate SAML in Laravel using existing Idp and SP
- Keycloak as a Service Provider - setting up a signing certificate
- Keycloak: Unique SAML endpoint per SAML Client in the same Realm