0
votes

Does anyone know how to add additional assertions in a SAML request to a federated IdP? The problem is that there is no NameID in the SAML request:

<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest AssertionConsumerServiceURL="https://testserver.domain.local:9443/commonauth"
                    Destination="https://idp.eu.safenetid.com/auth/realms/XXXXXXXXXX-STA/protocol/saml"
                    ForceAuthn="true"
                    ID="_b53cdb3765c8b92fa51d6079a061deaf"
                    IsPassive="false"
                    IssueInstant="2021-02-03T10:45:48.275Z"
                    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    Version="2.0"
                    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <samlp:Issuer xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">WSO2</samlp:Issuer>
  <saml2p:RequestedAuthnContext Comparison="exact"
                                xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>
  </saml2p:RequestedAuthnContext>
</samlp:AuthnRequest>

We configured a federated IdP - SafeNet and want to use it as second-factor auth. I configured 2 steps in the SP, where the first step is basic auth and the second step is the federated IdP - SafeNet (Saml2webSSO). But, as you can see, WSO2 does not include NameID in the request, and the username is not populated on the SafeNet login page. Maybe we can somehow configure what to include in the SAML request?


1 Answer

0
votes

You can enable NameID Policy in the authentication request by enabling the Include NameID Policy configuration in your IDP configuration (Identity Provider > Federated Authenticators > SAML2 Web SSO Configuration).


You can add the requested NameID policy as well in the NameID format config.

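The following is an added example, not code from the question, the answer, WSO2 or SafeNet. It parses the AuthnRequest posted in the question, reports which identity-carrying elements it contains (Issuer, NameIDPolicy, Subject/NameID, RequestedAuthnContext), and shows what the request looks like once a NameIDPolicy element is included, which is what the Include NameID Policy setting described in the answer adds. The chosen NameID format (emailAddress), the AllowCreate value and all helper names are assumptions for illustration; the SAML 2.0 protocol schema fixes the child order of AuthnRequest, so the element is inserted before Conditions, RequestedAuthnContext and Scoping.

```python
"""Inspect a SAML 2.0 AuthnRequest and add a NameIDPolicy element.

Added example (not WSO2 or SafeNet code). The AuthnRequest below is the one
posted in the question; everything else is an assumption used for illustration.
"""
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Assumed format: SafeNet is expected to match users by e-mail address.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Prefixes used when re-serialising (ElementTree would otherwise emit ns0/ns1).
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Request captured in the question. The samlp prefix rebinding on Issuer is
# WSO2's own output; it is valid XML, so it is kept as-is.
AUTHN_REQUEST = """<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest AssertionConsumerServiceURL="https://testserver.domain.local:9443/commonauth"
                    Destination="https://idp.eu.safenetid.com/auth/realms/XXXXXXXXXX-STA/protocol/saml"
                    ForceAuthn="true"
                    ID="_b53cdb3765c8b92fa51d6079a061deaf"
                    IsPassive="false"
                    IssueInstant="2021-02-03T10:45:48.275Z"
                    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    Version="2.0"
                    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <samlp:Issuer xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">WSO2</samlp:Issuer>
  <saml2p:RequestedAuthnContext Comparison="exact"
                                xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>
  </saml2p:RequestedAuthnContext>
</samlp:AuthnRequest>
"""


def _parse(xml_text):
    """Parse str or bytes; bytes are used so the encoding declaration is honoured."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError(f"not a samlp:AuthnRequest: {root.tag}")
    return root


def _local(tag):
    """Strip the namespace from an ElementTree tag ('{ns}Name' -> 'Name')."""
    return tag.rsplit("}", 1)[-1]


def inspect_authn_request(xml_text):
    """Report which identity-related elements the request carries."""
    report = {"issuer": None, "name_id_policy": None,
              "subject_name_id": None, "authn_context": []}
    for child in _parse(xml_text):
        name = _local(child.tag)
        if name == "Issuer":
            report["issuer"] = (child.text or "").strip()
        elif name == "NameIDPolicy":
            report["name_id_policy"] = {"Format": child.get("Format"),
                                        "AllowCreate": child.get("AllowCreate")}
        elif name == "Subject":
            nid = child.find(f"{{{SAML}}}NameID")
            if nid is not None:
                report["subject_name_id"] = (nid.text or "").strip()
        elif name == "RequestedAuthnContext":
            report["authn_context"] = [(c.text or "").strip() for c in child
                                       if _local(c.tag) == "AuthnContextClassRef"]
    return report


def child_order(xml_text):
    """Local names of the request's direct children, in document order."""
    return [_local(c.tag) for c in _parse(xml_text)]


def add_name_id_policy(xml_text, fmt=EMAIL_FORMAT, allow_create=True):
    """Return the request with a NameIDPolicy element, respecting schema order.

    Per the SAML 2.0 protocol schema, NameIDPolicy comes after Issuer, Signature,
    Extensions and Subject, and before Conditions, RequestedAuthnContext, Scoping.
    """
    root = _parse(xml_text)
    if any(_local(c.tag) == "NameIDPolicy" for c in root):
        return ET.tostring(root, encoding="unicode")  # already present, unchanged
    policy = ET.Element(f"{{{SAMLP}}}NameIDPolicy",
                        {"Format": fmt, "AllowCreate": "true" if allow_create else "false"})
    later = {"Conditions", "RequestedAuthnContext", "Scoping"}
    idx = next((i for i, c in enumerate(root) if _local(c.tag) in later), len(root))
    root.insert(idx, policy)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", inspect_authn_request(AUTHN_REQUEST))
    fixed = add_name_id_policy(AUTHN_REQUEST)
    print("after: ", inspect_authn_request(fixed))
    print(fixed)
```

Running the script shows the captured request has an Issuer and a RequestedAuthnContext but neither a NameIDPolicy nor a Subject, which is why the IdP has nothing to prefill; after the insertion the NameIDPolicy sits before RequestedAuthnContext, as the schema requires. On the receiving side, the same inspection is a quick check that the Include NameID Policy setting actually took effect in the request WSO2 sends.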