That error has nothing to do with where you've attached the policy. Something else is messed up with your authorization config.
A completely alternative and probably better approach is to use and access policy on the federation config.
------------------------------
Shane Weeden
IBM
------------------------------
Original Message:
Sent: Mon August 21, 2023 06:34 AM
From: Galin Gospodinov
Subject: ISAM - SAML with MFA
Hi Shane,
the junction for SAML is my situation is /isam/sps/auth, but when I apply protection to this paht, I hit an error.
2023-08-21-13:32:19.428+03:00I----- 0x36A68134 webseald WARNING wga eas RTSSConfig.cpp 204 0x7fde12116700 -- DPWBA0308W The header key name is missing for the app_context_data key: AZN_EAS_POP_LOCATION_ATTRIBUTE2023-08-21-13:32:19.428+03:00I----- 0x36A6812C webseald WARNING wga eas rtss_eas.cpp 423 0x7fde12116700 -- DPWBA0300W A general error occurred: Header key name missing for app_context_data key: AZN_EAS_POP_LOCATION_ATTRIBUTE.
------------------------------
Galin Gospodinov
Original Message:
Sent: Mon August 21, 2023 02:08 AM
From: Shane Weeden
Subject: ISAM - SAML with MFA
You should be able to apply the same technique to protect the path /<jct>/sps/auth for a SAML assertion, where <jct> is usually "mga", but it can be whatever you called your junction.
------------------------------
Shane Weeden
IBM
Original Message:
Sent: Fri August 18, 2023 09:36 AM
From: Galin Gospodinov
Subject: ISAM - SAML with MFA
Hello community,
I configured SAML authentication for an application, but it not support MFA. I want to use ISAM functionality and configure MFA authentication after/before SAML is executed. I follow the MFA cookbook and everything works fine, in situation where I protect some specific path. How can I configure MFA to work with SAML ?
Thank you!
------------------------------
Galin Gospodinov
------------------------------