Configure a SAML 2.0 application journey
Configure the remote SP so that a specific authentication journey is always run for users authenticating with your SAML 2.0 app. The federation flow invokes the associated journey regardless of any existing sessions or requested or configured authentication contexts.
To configure a SAML 2.0 app journey, specify a journey in Native Consoles > Access Management > Realms > Realm Name > Applications > Federation > Entity Providers > Remote SP > Advanced > Tree Name.
When you configure an app journey, the processing of the SAML 2.0 request depends on the authentication context requested by the SP.
You can access the requested authentication context and configured mappings by including a Scripted Decision node in the journey that queries the samlApplication script binding.
The following table shows the SAML response for each comparison type and the requested authentication context.
Authentication context | Comparison type | Response |
---|---|---|
SP requested authn context | | Requested authn context included |
SP requested authn context | | |
SP doesn’t request authn context | - | |
IDP-initiated (no requested authn context) | - | |
You can’t delete a journey if it’s referenced by a SAML 2.0 app.
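To see which row of the table above an inbound request falls under, the following added example (not code from the product or its documentation, and not using the samlApplication binding) reads the RequestedAuthnContext element and its Comparison attribute from a decoded AuthnRequest. The sample XML is constructed, `sp.example` is a placeholder, and `classify_request` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
COMPARISONS = {"exact", "minimum", "maximum", "better"}  # values allowed by SAML 2.0 core

# Labels follow the first column of the table above.
ROW_REQUESTED = "SP requested authn context"
ROW_NOT_REQUESTED = "SP doesn't request authn context"
ROW_IDP_INITIATED = "IDP-initiated (no requested authn context)"

# Constructed sample (not captured traffic); sp.example is a placeholder SP.
SAMPLE_WITH_CONTEXT = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://sp.example/metadata</saml:Issuer>
  <samlp:RequestedAuthnContext Comparison="minimum">
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

# Same constructed request with the RequestedAuthnContext element removed.
SAMPLE_WITHOUT_CONTEXT = (SAMPLE_WITH_CONTEXT.split("<samlp:RequestedAuthnContext")[0]
                          + "</samlp:AuthnRequest>")

def classify_request(authn_request_xml):
    """Return (table_row, comparison, class_refs) for a decoded AuthnRequest.

    Pass None for an IdP-initiated flow, where no AuthnRequest exists.
    """
    if authn_request_xml is None:
        return (ROW_IDP_INITIATED, None, [])
    # ElementTree is enough for this constructed sample; use a hardened
    # XML parser for requests received from untrusted parties.
    root = ET.fromstring(authn_request_xml)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    requested = root.find("samlp:RequestedAuthnContext", NS)
    if requested is None:
        return (ROW_NOT_REQUESTED, None, [])
    # SAML 2.0 core: an omitted Comparison attribute means "exact".
    comparison = requested.get("Comparison", "exact")
    if comparison not in COMPARISONS:
        raise ValueError("unknown Comparison value: %r" % comparison)
    refs = [e.text.strip() for e in requested.findall("saml:AuthnContextClassRef", NS) if e.text]
    return (ROW_REQUESTED, comparison, refs)

if __name__ == "__main__":
    for sample in (SAMPLE_WITH_CONTEXT, SAMPLE_WITHOUT_CONTEXT, None):
        print(classify_request(sample))
```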