Hi there,
I’m trying to configure an Inline Hook to add “SessionNotOnOrAfter” to “AuthnStatement”.
Currently, the AuthnStatement looks like this:
<saml2:AuthnStatement
    AuthnInstant="2020-05-05T16:02:49.580Z"
    SessionIndex="id1588704578125.1286600800"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:AuthnContext>
    <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
  </saml2:AuthnContext>
</saml2:AuthnStatement>
Currently, our web server for the inline hook returns this JSON, but we are getting an error message in the Okta logs saying that the value is incorrect.
{
  "commands": [
    {
      "type": "com.okta.assertion.patch",
      "value": [
        {
          "op": "replace",
          "path": "/authentication",
          "value": {
            "AuthnStatement": "\"AuthnInstant=\"2020-05-05T16:02:49.580Z\" SessionIndex=\"idxxx.x\" SessionNotOnOrAfter=2020-12-12T16:02:49.580Z xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\""
          }
        }
      ]
    }
  ]
}
What JSON are we supposed to return in order to add the attribute SessionNotOnOrAfter to the AuthnStatement? I have tried with “add” and “replace” and multiple claims combinations without luck. CC @dragos or any other dev engineer with experience with SAML Inline hooks.
Thank you!!