Add RequestedAuthnContext for MFA in SAML SP

[dherrhoyiu]

Support MFA (Multifactor Authentication) using the authnContextClassRef="http://id.incommon.org/assurance/mfa" attribute on the SP side (Kibana). This is for Shibboleth, which we are using for federated IdM in the Omnisoc initiative (http://omnisoc.iu.edu). The federation is InCommon, a higher ed federation.

I have used Shibboleth on the SP side in ES 6.1 to do MFA, but it's really just an overlay on ES. There's shibd running, which is the SP, and I can add RequestedAuthnContext there within /etc/shibboleth/shibboleth2.xml as authnContextClassRef="http://id.incommon.org/assurance/mfa" in the <SSO ...> entity.
Should be able to do something similar in the ES SAML implementation.

I do have SAML working in a dev ELK with ES 6.2.2.

[danielmitterdorfer]

Hi @dherrhoyiu, as this is an x-pack related issue, I will open an identical internal issue and close this one. You might be aware that we are about to open x-pack so that issue should reappear again in the coming weeks in this repository. Sorry for the inconvenience in the meantime.

[dherrhoyiu]

Yes, I was wondering what to post for x-pack. Thanks for your help and let me know the ID of that request when it’s your github.

…

--Dirk From: Daniel Mitterdorfer <notifications@github.com> Reply-To: elastic/elasticsearch <reply@reply.github.com> Date: Wednesday, April 4, 2018 at 9:18 AM To: elastic/elasticsearch <elasticsearch@noreply.github.com> Cc: "Herr-Hoyman, Dirk" <dherrhoy@iu.edu>, Mention <mention@noreply.github.com> Subject: Re: [elastic/elasticsearch] Add RequestedAuthnContext for MFA in SAML SP (#29367) Hi @dherrhoyiu, as this is an x-pack related issue, I will open an identical internal issue and close this one. You might be aware that we are about to open x-pack so that issue should reappear again in the coming weeks in this repository. Sorry for the inconvenience in the meantime. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[danielmitterdorfer]

Yes, that will fortunately get straightforward after x-pack has been opened. W.r.t. to the issue id: I have mentioned this issue in the internal one so it will show up here after the repository migration.