Hi All,

I am working on a project where picketlink is being used as the SP, Microsoft ADFS is the IDP. Picketlink version 2.6, JBOSS EAP 6.4

We have a requirement that the SP should always request X509 or TLS certificate authentication, ie. we want the SAML Authentication request to look like this

<samlp:AuthnRequest ...">
  ...
  <samlp:RequestedAuthnContext Comparison="exact">
   <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>

...
</samlp:AuthnRequest>

Seems like this should be in the SAML2 Authentication Handler SAML2AuthenticationHandler - PicketLink - Project Documentation Editor but I don't see it there.

Does anyone have any pointers on how we might accomplish this requirement?

Cheers!

Shane