We are migrating users to passwordless authentication methods with Microsoft Azure / Entra ID. The SAML configuration with QRadar and Azure is not allowing these passwordless authentication methods as the QRadar SAML request is including a RequestedAuthnContext of password only.
AADSTS75011: Authentication method 'MultiFactor, Fido' by which the user authenticated with the service doesn't match requested authentication method 'Password'.
Per Microsoft, the RequestedAuthnContext is an optional field in the SAML request - Single sign-on SAML protocol - Microsoft identity platform
I found this thread in this group mentioning a similar issue that can be resolved by customizing SAML parameters in the /store/configservices/staging/globalconfig/login.conf file - QRadar SAML 2.0 with Azure AD | IBM Security QRadar
Is there a similar parameter that can be added to either 1) disable including the RequestedAuthnContext in the SAML request or 2) change the allowed values included in the SAML request from password to accept more / all possible values (i.e., FIDO, Multifactor, etc.)?
------------------------------
Michael Deal
------------------------------
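To confirm what the service provider is actually sending before changing any configuration, this added example (not part of the original post, and not IBM or Microsoft code) decodes a captured SAMLRequest value and reports its RequestedAuthnContext. The sample request, its ID and issuer are constructed placeholders, and all function names are hypothetical.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml_request(value: str) -> bytes:
    """Decode a SAMLRequest parameter captured from your own SP's redirect or form post."""
    raw = base64.b64decode(unquote(value))
    if raw.lstrip().startswith(b"<"):
        return raw                      # HTTP-POST binding: base64 only
    return zlib.decompress(raw, -15)    # HTTP-Redirect binding: raw DEFLATE, no zlib header

def requested_authn_context(xml_bytes: bytes):
    """Return (Comparison, [AuthnContextClassRef, ...]), or None if the element is absent."""
    rac = ET.fromstring(xml_bytes).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None                     # optional element: the IdP is not constrained
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    return rac.get("Comparison", "exact"), refs   # SAML core: omitted Comparison means "exact"

# Constructed sample request (not captured from QRadar); ID and issuer are placeholders.
def sample_xml(with_context: bool = True) -> str:
    rac = ('<samlp:RequestedAuthnContext>'
           '<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
           '</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>') if with_context else ""
    return ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" '
            'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
            '<saml:Issuer>https://sp.example.invalid</saml:Issuer>' + rac +
            '</samlp:AuthnRequest>')

def encode_redirect(xml: str) -> str:
    """Build a redirect-binding value from the constructed sample (raw DEFLATE, then base64)."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def encode_post(xml: str) -> str:
    """Build a POST-binding value from the constructed sample (base64 only)."""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for label, req in (("redirect", encode_redirect(sample_xml())),
                       ("post, no context", encode_post(sample_xml(False)))):
        print(label, "->", requested_authn_context(decode_saml_request(req)))
```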