How to add custom Authentication Context

[lscorcia]

Hi, I have an hosted SAML SP on my OpenAM instance and I need to add a new supported Authentication Context to it. Any ideas on how to do that? The table does not allow editing via the UI, and from some obscure documentation reference it seems like one should use ssoadm to do that, but I have no idea how...

[lscorcia]

For future reference, these are the commands that must be used:

# Export current SP Metadata
./ssoadm export-entity -u amadmin -f pwd.txt -e <your realm> -y <SP entity name> -c saml2 -x <extended metadata file name.xml>

In the exported file, edit the spAuthncontextClassrefMapping attribute section, i.e.:

<Attribute name="spAuthncontextClassrefMapping">
  <Value>my:custom:auth:context|2|default</Value>
  <Value>another:custom:auth:context|1|</Value>
</Attribute>

Then replace the current extended metadata document with the edited one:

# Delete SP Extended Metadata
./ssoadm delete-entity -u amadmin -f pwd.txt -e <your realm> -y <SP entity name> -c saml2 -x

# Import SP Extended Metadata
./ssoadm import-entity -u amadmin -f pwd.txt -e <your realm> -t <your circle of trust name> -c saml2 -x <extended metadata file name.xml>

Finally, restart the container to make sure changes are picked up.