---
myst:
  html_meta:
    "description lang=en": "SAML Authentication RequestedAuthnContext workaround for Kasm Workspaces."
    "keywords": "Kasm, RequestedAuthnContext"
    "property=og:locale": "en_US"
---
```{title} RequestedAuthnContext
```

## RequestedAuthnContext

In the current release of Kasm, the {code}`RequestedAuthnContext` is required. In future releases this value will be
configurable via standard SAML configuration form. As it stands, some configurations with certain IdPs will not work
properly when Kasm requires this value.

An example of this issue is documented on  [Microsoft.com](https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts75011-auth-method-mismatch)

The following steps can be utilized as a workaround.

### Workaround

Repeat the following steps on the Web App role of a Multi-Server deployment or the Kasm Workspaces server if using a Single-Server deployment.

- Stop the Kasm services

```bash
sudo /opt/kasm/current/bin/stop
```

- Edit the {code}`/opt/kasm/current/docker/docker-compose.yaml` file.

```bash
sudo vi /opt/kasm/current/docker/docker-compose.yaml
```

- In the {code}`kasm_api` section add an environment variable named {code}`KASM_SAML_REQUESTED_AUTHN_CONTEXT` with a value of {code}`false`

```{code-block} Bash
:caption: docker-compose.yaml edits
:emphasize-lines: 3,4
:name: KASM_SAML_REQUESTED_AUTHN_CONTEXT

 ...
 kasm_api:
   environment:
     KASM_SAML_REQUESTED_AUTHN_CONTEXT: 'false'
   container_name: kasm_api
   user: "${KASM_UID?}:${KASM_GID?}"
 ...
```

- Remove the existing {code}`kasm_api` container

```Bash
sudo docker rm -f kasm_api
```

- Start the Kasm services. The {code}`kasm_api` container will be recreated with the new setting applied.

```Bash
sudo /opt/kasm/bin/start
```