0D51Y00008QlEiJSAVOkta Classic EngineAdministrationAnswered2024-04-15T09:30:27.000Z2020-05-05T20:28:20.000Z2020-05-11T19:17:31.000Z

JoseM.53291 (Customer) asked a question.

May 5, 2020 at 8:28 PM
[Inline hooks] Add "SessionNotOnOrAfter" to "AuthnStatement"

Hi there,

 

We are trying to configure an Inline Hook to add "SessionNotOnOrAfter" to "AuthnStatement".

 

Currently, the JSON AuthnStatement looks like this:

 

    <saml2:AuthnStatement 

      AuthnInstant="2020-05-05T16:02:49.580Z" 

      SessionIndex="id1588704578125.1286600800"

      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">

      <saml2:AuthnContext>

        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>

      </saml2:AuthnContext>

    </saml2:AuthnStatement>

 

 

 

What JSON are we supposed to return in order to add the attribute SessionNotOnOrAfter to the AuthnStatement?

 

Currently we are tying with the following with no luck:

 

{

  "commands": [

  {

   "type": "com.okta.assertion.patch",

   "value": [

    {

     "op": "replace",

     "path": "/authentication",

     "value": {"AuthnStatement":'"AuthnInstant="2020-05-05T16:02:49.580Z" SessionIndex="idxxx.x" SessionNotOnOrAfter=2020-12-12T16:02:49.580Z xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"'}

    }

 ]

}

]

}

 

Any ideas?

  • 5 answers
  • 1.15K views

  • JoseM.53291 (Customer)

    Hi Vipul, the JSON looks like this:

     

    "authentication":{

                "sessionIndex":"idxx.xxxxxxx",

                "authnContext":{

                   "authnContextClassRef":"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

                }

             }

    Expand Post

  • JoseM.53291 (Customer)

    Unfortunately, I keep getting this error message:

     

    failure : Invalid path(op=add, path=/authentication/)

     

    I used the same JSON that you posted above.

     

    I also tried using "path": "/authentication" with the same result:

     

    failure : Invalid path(op=add, path=/authentication)

    Expand Post

  • bc221 (bc221)

    Can you please try this:

     

    {

       "commands":[

          {

             "type":"com.okta.assertion.patch",

             "value":[

                {

                   "op":"add",

                   "path":"/authentication/SessionNotOnOrAfter",

                   "value":"xxxxxxxxxxxxxxx"

                }

             ]

          }

       ]

    }

    Expand Post

  • bc221 (bc221)

    Hi,

     

    Did my latest suggestion work ?

  • JoseM.53291 (Customer)

    Hi @bc221 (bc221)​ , it didn't :/ I created a support ticket about this and this is what they said:

     

    Per our documentation, 'add' operations are not supported for the /authentication path, hence the error message you are receiving. While you can add new claims to the assertion, you can only replace existing attributes within /authentication.

    https://developer.okta.com/docs/reference/saml-hook/#list-of-supported-ops

    When performing an 

    add op to add a new attribute statement, this will always begin with 

    /claims/

     and be followed by the name of the new attribute you are adding.

     

    Thank you so much @bc221 (bc221)​ for helping me!

    Expand Post
This question is closed.

Recommended content

No recommended content found...