Hello Gabor,
The SAML integration was designed, built and tested for compatibility with other providers (for example: Okta, Auth0).
But the implementation of SAML based on Microsoft Azure AD as an identity provider is not possible at this time.
The technical reason communicated by R&D for this impossibility is the following:
The AWI is sending per default the value 'minimum' for
<saml2p:RequestedAuthnContext Comparison="minimum">
But Azure accepts only 'exact' or nothing at all according to
https://docs.microsoft.com/en-us/answers/questions/69360/aadsts900236-the-saml-authentication-request-prope.html
The possibility of selecting an authentication context from a list has not been implemented yet.
This feature request should be submitted to the BROADCOM product management.
Regards
Pascal
Original Message:
Sent: 03-04-2021 11:18 AM
From: Gabor Fritz
Subject: SAML authentication using Microsoft Azure AD
Dear all,
we are implementing SAML authentication with Automic Automation 12.3, using Microsoft Azure AD as Identity Provider (IDP).
After setting up both IDP and Automic Automation side according to below:
https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/12.3/Automic%20Automation%20Guides/Content/AWA/Variables/UC_SAML_SETTINGS_SSO.htm
we're getting an error at logon attempt:
"AADSTS900235: SAML authentication request's RequestedAuthenticationContext Comparison value must be 'exact'. Received value: 'Minimum'."
Is there a way to modify the SAML request Automic Automation is sending, so that it matches the requirement of the IDP?
Thank you,
Gabor
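
The mismatch discussed in this thread can be confirmed from a captured SAMLRequest value before involving the IdP. The following is an added example, not code from Automic, Broadcom or either poster: it decodes an AuthnRequest and reports the RequestedAuthnContext Comparison value against the rule quoted in the reply ('exact' or nothing at all). The function names are hypothetical, the sample request is constructed, and the input is assumed to be already URL-decoded.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def decode_request(saml_request: str) -> bytes:
    """Decode a captured SAMLRequest value (already URL-decoded)."""
    raw = base64.b64decode(saml_request)
    try:
        return zlib.decompress(raw, -15)  # HTTP-Redirect binding: raw DEFLATE
    except zlib.error:
        return raw  # HTTP-POST binding: base64 only


def comparison_of(xml_bytes: bytes):
    """Return RequestedAuthnContext/@Comparison, or None if it is not sent."""
    # Refuse DTDs so entity-expansion payloads never reach the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations refused")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    rac = root.find(f"{{{SAMLP}}}RequestedAuthnContext")
    return None if rac is None else rac.get("Comparison")


def azure_ad_accepts(xml_bytes: bytes) -> bool:
    """Rule as stated in the reply above: 'exact' or no Comparison at all."""
    return comparison_of(xml_bytes) in (None, "exact")


def constructed_request(comparison) -> str:
    """Constructed sample AuthnRequest, Redirect-encoded (not a real capture)."""
    attr = f' Comparison="{comparison}"' if comparison else ""
    xml = (f'<saml2p:AuthnRequest xmlns:saml2p="{SAMLP}" xmlns:saml2="{SAML}" '
           f'ID="_constructed" Version="2.0" IssueInstant="2021-03-04T10:00:00Z">'
           f'<saml2p:RequestedAuthnContext{attr}><saml2:AuthnContextClassRef>'
           f'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
           f'</saml2:AuthnContextClassRef></saml2p:RequestedAuthnContext>'
           f'</saml2p:AuthnRequest>').encode()
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(deflater.compress(xml) + deflater.flush()).decode()


if __name__ == "__main__":
    for value in ("minimum", "exact", None):
        ok = azure_ad_accepts(decode_request(constructed_request(value)))
        print(f"Comparison={value!r}: accepted = {ok}")
```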