...
See also How to use SAML2 AuthnContextClassRef in IDP Proxy situations
Default configuration
Default configuration of authncontext.strength
#
# authncontext.strength
#
# SAML standard AuthnContext Class values
#
# urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony
# urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol
# urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword
# urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos
# urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract
# urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered
# urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract
# urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered
# urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony
# urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony
# urn:oasis:names:tc:SAML:2.0:ac:classes:PGP
# urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
# urn:oasis:names:tc:SAML:2.0:ac:classes:Password
# urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession
# urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
# urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI
# urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI
# urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI
# urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword
# urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
# urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony
# urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
# urn:oasis:names:tc:SAML:2.0:ac:classes:X509
# urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig
# urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
#
# Any non-absolute URI values are expanded into Ubilogin Server
# AuthnContextDeclRef values
#
# Example:
#
# With an Entity ID value of "https://localhost/uas"
# "password.1" is expanded into the following AuthnContextDeclRef
# "https://localhost/uas/saml2/names/ac/password.1"
#
100 urn:oasis:names:tc:SAML:2.0:ac:classes:Password
100 password.1
Sample configuration
Sample configuration of authncontext.strength
#
# authncontext.strength
#
# SAML standard AuthnContext Class values
#
# The following example shows that smartcard login is strongest, Azure AD next, social networks a little lower,
# followed by username and password, and finally login using a phone number that has not previously been registered.
#
# Any non-absolute URI values are expanded into Ubilogin Server
# AuthnContextDeclRef values
#
# Example:
#
# With an Entity ID value of "https://localhost/uas"
# "password.1" is expanded into the following AuthnContextDeclRef
# "https://localhost/uas/saml2/names/ac/password.1"
#
500 urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
300 oauth.azuread.1
200 oauth.google.1
200 oauth.facebook.1
200 oauth.linkedin.1
100 urn:oasis:names:tc:SAML:2.0:ac:classes:Password
100 password.1
50 urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered
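
An added example, not part of the Ubilogin documentation or product code: a Python sketch that parses entries in the format shown above, expands non-absolute values under the Entity ID as the file's comments describe, and uses the resulting table for a minimum-strength check. The function names, the rejection of conflicting duplicates and the fail-closed handling of unlisted contexts are assumptions for illustration; a higher number is read as stronger, following the sample's comment.

```python
from urllib.parse import urlparse

# Constructed input: entries taken from the sample configuration on this page.
SAMPLE = """\
# authncontext.strength
500 urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
300 oauth.azuread.1
200 oauth.google.1
100 urn:oasis:names:tc:SAML:2.0:ac:classes:Password
100 password.1
50 urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered
"""

def expand(value, entity_id):
    """Expand a non-absolute value into an AuthnContextDeclRef under the entity ID."""
    if urlparse(value).scheme:  # absolute URI (urn:, https:, ...) is kept unchanged
        return value
    return entity_id.rstrip("/") + "/saml2/names/ac/" + value

def load_strengths(text, entity_id):
    """Parse '<strength> <value>' lines into {expanded URI: int}; reject bad lines."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdecimal():
            raise ValueError(f"line {lineno}: expected '<strength> <value>': {raw!r}")
        uri = expand(parts[1], entity_id)
        if table.setdefault(uri, int(parts[0])) != int(parts[0]):
            raise ValueError(f"line {lineno}: conflicting strength for {uri}")
    return table

def meets_minimum(table, presented, required):
    """Hypothetical policy check: presented must be at least as strong as required.
    A context missing from the table fails closed instead of defaulting to a rank."""
    if presented not in table or required not in table:
        return False
    return table[presented] >= table[required]

if __name__ == "__main__":
    strengths = load_strengths(SAMPLE, "https://localhost/uas")
    for uri, strength in sorted(strengths.items(), key=lambda kv: -kv[1]):
        print(strength, uri)
```
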
...