OK, the SAML setups needed for SiteMinder are insanely confusing and not straightforward at all -- been poring over the docs, which haven't been any real help... so could really use some pointers here.
I've got a very simple requirement to have a single remote IdP. I need to create SMSESSION at appropriate level depending on the authentication context returned.
Example
Request 1 - Send TimeSyncToken and IdP enforces two-factor token authentication. Response assertion contains the "TimeSyncToken" class and SiteMinder creates a session at Level 3.
Request 2 - Send Smartcard and IdP enforces smartcard authentication. Response assertion contains the "TimeSyncToken" class and SiteMinder creates a session at Level 4.
Is this doable with SiteMinder? If so, how can I do this when an SP -> IdP partnership only has one level assigned (even though you can assign multiple context references)? And how do you dynamically send different contexts in a request (i.e., same partnership send context A in request 1 and context B in request 2)?