...
Linux: /usr/local/ubisecure/ubilogin-sso/ubilogin/methods/authncontext.strength
See also How to use Use SAML2 AuthnContextClassRef in IDP Proxy situations
Default configuration
Code Block | ||
---|---|---|
| ||
# # authncontext.strength # # SAML standard AuthnContext Class values # # urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony # urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol # urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword # urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos # urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract # urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered # urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract # urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered # urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony # urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony # urn:oasis:names:tc:SAML:2.0:ac:classes:PGP # urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport # urn:oasis:names:tc:SAML:2.0:ac:classes:Password # urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession # urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard # urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI # urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI # urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI # urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword # urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient # urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony # urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken # urn:oasis:names:tc:SAML:2.0:ac:classes:X509 # urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig # urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified # # Any non-absolute URI values are expanded into Ubilogin Server # AuthnContextDeclRef values # # Example: # # With an Entity ID value of "https://localhost/uas" # "password.1" is expanded into the following AuthnContextDeclRef # "https://localhost/uas/saml2/names/ac/password.1" # 100 urn:oasis:names:tc:SAML:2.0:ac:classes:Password 100 password.1 |
Sample configuration
Code Block | ||
---|---|---|
| ||
# # authncontext.strength # # SAML standard AuthnContext Class values # # The following examples shows smartcard login is strongest, Azure AD next, social networks a little lower, # followed by username and password and finally login using a phone number that has not previously been registered. # # Any non-absolute URI values are expanded into Ubilogin Server # AuthnContextDeclRef values # # Example: # # With an Entity ID value of "https://localhost/uas" # "password.1" is expanded into the following AuthnContextDeclRef # "https://localhost/uas/saml2/names/ac/password.1" # 500 urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard 300 oauth.azuread.1 200 oauth.google.1 200 oauth.facebook.1 200 oauth.linkedin.1 100 urn:oasis:names:tc:SAML:2.0:ac:classes:Password 100 password.1 50 urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered |
...