I'm trying to set up my NAM IDP acting as a SP, receiving an inbound
assertion from an outside IDP. I have the authentication step working
correctly - the assertion is received by NAM, the user is authenticated,
and everything is good, except that the SAML authentication doesn't
provide the authentication level necessary to access the protected
resource. I want the SAML assertion to provide authentication
equivalent to a level 7 local authenticaion class; but it doesn't appear
to do so. According to the docs, the Trust Levels local authentication
class is what I need to configure here, but I've configured it per the
documentation (which seems odd, because the docs say just to edit the
properties on the local auth class, not set up a method and contract),
and it doesn't seem to make any difference.

Has anybody fought this battle before and is willing to give me a hand
here? Or should I just start drinking heavily?

The AuthnContextClassRef that's being passed in in the SAML assertion
is: urnasis:names:tc:SAML:2.0:ac:classes:PasswordProtecte dTransport ,
and I have the following properties set on the Trust Levels class.

SetClassTrustLevels true
urnasis:names:tc:SAML:2.0:ac:classes:PasswordProtecte dTransport 7


jcfergus's Profile: https://forums.netiq.com/member.php?userid=4348
View this thread: https://forums.netiq.com/showthread.php?t=47608