IBM QRadar

Hello,

I am trying to setup SAML in one of our QRadar environments with Azure AD but am getting the following error:

AADSTS900235: SAML authentication request's RequestedAuthenticationContext Comparison value must be 'exact'. Received value: 'Minimum'.

Has anybody seen dealt with this before? Seems like Azure AD only allows an "exact" comparison, but I cannot find where QRadar allows me to change the comparison from "minimum" to "exact".

Thanks,

Tim

Hi Tim,

Usually, IDP should be able to configure this to allow minumun for the authContext ComparisonType. Azure may be a special case. QRadar set this to minimum to allow the IDPs to authenticate using passwords or other methods that have higher security level than passwords. Changing this config through UI is not possible as mostly the minimum setting is desired. However...

If you manually edit the login.conf in staging,

vi store/configservices/staging/globalconfig/login.conf

Add this:

authContextComparisonType=exact

Save and deploy.

The new SAML request should have value as exact.

Regards

that did the trick, thanks!

I did the same trick and it worked for me too but then I always get "Failed to process the single sign on authentication assertion from the SAML provider.". Did you manage to configure Azure AD with qradar ?