Symantec Access Management

Can SAML Assertion Plugin know which authentication schema was used to authenticate a user, or other HTTP headers (client source IP)?

posted 01-15-2021 01:21 PM
Hi,

When the IdP authenticates a user, I need to put different roles into the SAML Assertion depending on whether the user is on the internal network (used IWA to authenticate) or the Internet (used a form with 2FA). I don't see any SM headers corresponding to the authentication schema that could be used from the Assertion Plugin. Are there any other options you may know of to accomplish similar results? Basically, internally authenticated users may have more roles, externally authenticated just a basic one.

Thanks,
Vlad

I haven't done this myself but believe you can achieve your objectives by configuring the authentication context.  Documentation for SiteMinder r12.8 is available here:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/partnership-federation/set-the-user-authentication-context-required-by-the-sp/authentication-context-processing-saml-2-0.html

Rich Faust
MIRIMAR Consulting