RequestedAuthnContext

In the current release of Kasm, the RequestedAuthnContext is required. In future releases this value will be configurable via standard SAML configuration form. As it stands, some configurations with certain IdPs will not work properly when Kasm requires this value.

An example of this issue is documented on Microsoft.com

The following steps can be utilized as a workaround.

Workaround

Repeat the following steps on the Web App role of a Multi-Server deployment or the Kasm Workspaces server if using a Single-Server deployment.

• Stop the Kasm services

sudo /opt/kasm/current/bin/stop

• Edit the /opt/kasm/current/docker/docker-compose.yaml file.

sudo vi /opt/kasm/current/docker/docker-compose.yaml

• In the kasm_api section add an environment variable named KASM_SAML_REQUESTED_AUTHN_CONTEXT with a value of false

docker-compose.yaml edits

 ...
 kasm_api:
   environment:
     KASM_SAML_REQUESTED_AUTHN_CONTEXT: 'false'
   container_name: kasm_api
   user: "${KASM_UID?}:${KASM_GID?}"
 ...

• Remove the existing kasm_api container

sudo docker rm -f kasm_api

• Start the Kasm services. The kasm_api container will be recreated with the new setting applied.

sudo /opt/kasm/bin/start