Symantec Access Management

 Can SAML Assertion Plugin know which authentication schema was used to authenticate a user, or other HTTP headers (client source IP)?

Vladimir Liapko posted Jan 15, 2021 01:21 PM
Hi,

When the IdP authenticates a user, I need to put different roles into the SAML Assertion depending on whether the user is on the Internal network (used IWA to authenticate) or the Internet (used form with 2FA). I don’t see any SM headers corresponding to the authentication schema that could be used from the Assertion Plugin. Are there any other options you may know of to accomplish similar results? Basically, internally authenticated users may have more roles, externally authenticated just a basic one.

Thanks,
Vlad

Richard Faust
I haven't done this myself but believe you can achieve your objectives by configuring the authentication context. Documentation for SiteMinder r12.8 is available here:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/partnership-federation/set-the-user-authentication-context-required-by-the-sp/authentication-context-processing-saml-2-0.html

Rich Faust
MIRIMAR Consulting