Cannot configure the "Allow Override of Authentication Level" on the AuthnContext for a SAML 2.0 SP partnership

Document ID : KB000030437
Last Modified Date : 14/02/2018
Show Technical Document Details

Problem:

The "Allow Override of Authentication Level" check box is not visible on the Admin UI for 12.52SP1CR01 but there is a workaround using the XPSExplorer.

 

Solution:

> First use the Admin UI and disable the partnership.

> Then Open a command line on the Policy Server.

enter XPSExplorer 

enter 73 (SPBase) <enter> 

enter S (search) <enter> 

enter the # of the correct SP base partnership <enter> 

enter R (Display Related Records) 

enter the # of IDP Partnership.SPLocalLink <enter> 

enter the # of name of Partnership.SPLocalLink <enter> 

>> You will see a list of parameters/attributes 

enter A (get a writable copy <enter> 

enter the # of AllowAuthLevelOverride (62 in my env) <enter> 

enter new value : yes <enter> 

enter V (validate record) 

enter U (update record) 

enter Q <enter> 

enter Q <enter> 

enter Q <enter> 

> Enter, you are out of XPS explorer. 

Go back to the Admin UI/ logout and login and check the partnership.