Versions Compared

Old Version 3

changes.mady.by.user Keith Uber

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Linux: /usr/local/ubisecure/ubilogin-sso/ubilogin/methods/authncontext.strength

See also How to use Use SAML2 AuthnContextClassRef in IDP Proxy situations

Default configuration

Code Block
titleDefault configuration of authncontext.strength
#
# authncontext.strength
#
# SAML standard AuthnContext Class values
#
# urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony
# urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol
# urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword
# urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos
# urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract
# urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered
# urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract
# urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered
# urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony
# urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony
# urn:oasis:names:tc:SAML:2.0:ac:classes:PGP
# urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
# urn:oasis:names:tc:SAML:2.0:ac:classes:Password
# urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession
# urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
# urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI
# urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI
# urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI
# urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword
# urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
# urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony
# urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
# urn:oasis:names:tc:SAML:2.0:ac:classes:X509
# urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig
# urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified

#
# Any non-absolute URI values are expanded into Ubilogin Server
# AuthnContextDeclRef values
#
# Example:
#
# With an Entity ID value of "https://localhost/uas"
# "password.1" is expanded into the following AuthnContextDeclRef 
# "https://localhost/uas/saml2/names/ac/password.1"
#

100     urn:oasis:names:tc:SAML:2.0:ac:classes:Password
100     password.1


Sample configuration

Code Block
titleDefault configuration of authncontext.strength
#
# authncontext.strength
#
# SAML standard AuthnContext Class values
#
# The following examples shows smartcard login is strongest, Azure AD next, social networks a little lower, 
# followed by username and password and finally login using a phone number that has not previously been registered.
#
# Any non-absolute URI values are expanded into Ubilogin Server
# AuthnContextDeclRef values
#
# Example:
#
# With an Entity ID value of "https://localhost/uas"
# "password.1" is expanded into the following AuthnContextDeclRef 
# "https://localhost/uas/saml2/names/ac/password.1"
#

500		urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
300		oauth.azuread.1
200		oauth.google.1
200		oauth.facebook.1
200		oauth.linkedin.1
100     urn:oasis:names:tc:SAML:2.0:ac:classes:Password
100     password.1
50		urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered

...