A SAML request can include a RequestedAuthnContext containing one or more AuthnContextClassRef values, as a way to indicate in advance what class authentication method the application needs at run time. Similarly AuthnContextDeclRef can be used to select one specific method by reference name. This behaviour is defined in the SAML2 Core specifications.
If Ubisecure SSO is configured as an SAML2 IDP proxy, and the upstream IDP supports AuthnContextClassRef functionality, it is possible to make a choice of authentication method already at the Ubilogin ServerUbisecure SSO running in IDP Proxy configuration, or even from an SP using the Ubilogin SAML SP API.
...
The user must then in this case must make the selection between the two at the upstream IDP.
| Info |
|---|
Related articles
| Filter by label (Content by label) | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...