Configure SAML2 AuthnContextClassRef in authncontext.strength file
It is possible to configure your own classes for authentication methods and order these methods to enable comparisons when requesting authentication methods using the SAML2 Authentication Request.
Relative strength comparison information is defined in the authncontext.strength file:
Windows: C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\methods\authncontext.strength
Linux: /usr/local/ubisecure/ubilogin-sso/ubilogin/methods/authncontext.strength
See also Use SAML2 AuthnContextClassRef in IDP Proxy situations
Default configuration
Default configuration of authncontext.strength
#
# authncontext.strength
#
# SAML standard AuthnContext Class values
#
# urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony
# urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol
# urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword
# urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos
# urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorContract
# urn:oasis:names:tc:SAML:2.0:ac:classes:MobileOneFactorUnregistered
# urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract
# urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered
# urn:oasis:names:tc:SAML:2.0:ac:classes:NomadTelephony
# urn:oasis:names:tc:SAML:2.0:ac:classes:PersonalizedTelephony
# urn:oasis:names:tc:SAML:2.0:ac:classes:PGP
# urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
# urn:oasis:names:tc:SAML:2.0:ac:classes:Password
# urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession
# urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
# urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI
# urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI
# urn:oasis:names:tc:SAML:2.0:ac:classes:SPKI
# urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword
# urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
# urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony
# urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
# urn:oasis:names:tc:SAML:2.0:ac:classes:X509
# urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig
# urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
#
# Any non-absolute URI values are expanded into Ubilogin Server
# AuthnContextDeclRef values
#
# Example:
#
# With an Entity ID value of "https://localhost/uas"
# "password.1" is expanded into the following AuthnContextDeclRef
# "https://localhost/uas/saml2/names/ac/password.1"
#
100 urn:oasis:names:tc:SAML:2.0:ac:classes:Password
100 password.1
Sample configuration
Sample configuration of authncontext.strength
#
# authncontext.strength
#
# SAML standard AuthnContext Class values
#
# The following example shows smartcard login is strongest, Azure AD next, social networks a little lower,
# followed by username and password and finally login using a phone number that has not previously been registered.
#
# Any non-absolute URI values are expanded into Ubilogin Server
# AuthnContextDeclRef values
#
# Example:
#
# With an Entity ID value of "https://localhost/uas"
# "password.1" is expanded into the following AuthnContextDeclRef
# "https://localhost/uas/saml2/names/ac/password.1"
#
500 urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
300 oauth.azuread.1
200 oauth.google.1
200 oauth.facebook.1
200 oauth.linkedin.1
100 urn:oasis:names:tc:SAML:2.0:ac:classes:Password
100 password.1
50 urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered
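The following Python sketch is an added example, not Ubisecure code. It can be used to review a strength file before deployment: it parses the file, expands non-absolute values as the file's comments describe, and lists which contexts would satisfy a requested class under the SAML2 Comparison values exact, minimum, better and maximum. The function names, the rejection of duplicate entries, and the mapping of the numbers onto Comparison (a higher number is stronger, as the sample file implies) are assumptions of this example.

```python
# Added example. Assumption: a higher number means a stronger method.
from urllib.parse import urlparse

# Constructed input, abridged from the page's sample configuration.
SAMPLE = """\
# authncontext.strength
500 urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
300 oauth.azuread.1
200 oauth.google.1
100 urn:oasis:names:tc:SAML:2.0:ac:classes:Password
100 password.1
50 urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered
"""

def expand(value, entity_id):
    """Non-absolute values become AuthnContextDeclRef URIs under the entity ID."""
    if urlparse(value).scheme:          # urn:... and https:... are already absolute
        return value
    return f"{entity_id.rstrip('/')}/saml2/names/ac/{value}"

def parse_strengths(text, entity_id):
    """Return {context URI: strength}; reject malformed or duplicate lines."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            raise ValueError(f"line {lineno}: expected '<strength> <value>'")
        uri = expand(parts[1], entity_id)
        if uri in table:
            raise ValueError(f"line {lineno}: duplicate entry {uri}")
        table[uri] = int(parts[0])
    return table

def satisfying(table, requested, comparison="exact"):
    """Contexts that satisfy a requested class, strongest first."""
    if comparison == "exact":
        return [requested] if requested in table else []
    want = table[requested]             # KeyError: requested class is not ranked
    ops = {"minimum": lambda s: s >= want, "better": lambda s: s > want,
           "maximum": lambda s: s <= want}
    return sorted((u for u, s in table.items() if ops[comparison](s)),
                  key=lambda u: -table[u])

if __name__ == "__main__":
    t = parse_strengths(SAMPLE, "https://localhost/uas")
    print(satisfying(t, "urn:oasis:names:tc:SAML:2.0:ac:classes:Password", "better"))
```

Running the check with "better" against the Password class shows which methods a service provider would be allowed to receive when it asks for something stronger than a password, which makes an accidentally over-ranked method easy to spot.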