Sun OpenSSO Enterprise 8.0 Administration Reference

Authentication Context

This attribute maps the SAMLv2-defined authentication context classes to authentication methods available from the identity provider.

Mapper

Specifies the implementation of the IDPAuthnContextMapper interface used to create the requested authentication context. The default implementation is com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper.

Default Authentication Context

Specifies the default authentication context type used by the identity provider if the service provider does not send an authentication context request.

Supported

Select the check box next to the authentication context class if the identity provider supports it.

Context Reference

The SAMLv2-defined authentication context classes are:

  • InternetProtocol

  • InternetProtocolPassword

  • Kerberos

  • MobileOneFactorUnregistered

  • MobileTwoFactorUnregistered

  • MobileOneFactorContract

  • MobileTwoFactorContract

  • Password

  • Password-ProtectedTransport

  • Previous-Session

  • X509

  • PGP

  • SPKI

  • XMLDSig

  • Smartcard

  • Smartcard-PKI

  • Software-PKI

  • Telephony

  • NomadTelephony

  • PersonalTelephony

  • AuthenticatedTelephony

  • SecureRemotePassword

  • TLSClient

  • Time-Sync-Token

  • Unspecified

Key

Choose the OpenSSO Enterprise authentication type to which the context is mapped.

Value

Type the OpenSSO Enterprise authentication option.

Level

Takes as a value a positive number that maps to an authentication level defined in the OpenSSO Enterprise Authentication Framework. The authentication level indicates how much to trust a method of authentication.

In this framework, each identity provider is configured with a default authentication context (its preferred method of authentication). However, a service provider might want to replace the assigned authentication context with one selected by a defined authentication level. For example, service provider B wants to generate a local session with an authentication level of 3, so it requests that the identity provider authenticate the user with an authentication context assigned that level. The value of this attribute determines the authentication context the identity provider uses.
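The following Python model illustrates how the table described above (Supported, Key, Value and Level for each context class) is consulted when a request arrives: with no requested context the default applies, a list of requested classes is honoured in request order and unsupported rows are skipped, and a level-based request (the "level 3" scenario) picks the weakest supported method that still meets the requested level. This is an added example, not OpenSSO Enterprise code and not the product's stored configuration format; the Key/Value pairs, the level numbers and the "lowest level that satisfies the minimum" rule are assumptions chosen for illustration.

```python
"""Model of an identity provider's SAMLv2 authentication-context mapping table.

Constructed example: the class-reference URNs follow the SAMLv2 scheme; the
OpenSSO-side Key/Value pairs and Level numbers below are assumed values.
"""
from dataclasses import dataclass
from typing import Iterable, Optional

SAML_AC_PREFIX = "urn:oasis:names:tc:SAML:2.0:ac:classes:"


@dataclass(frozen=True)
class ContextMapping:
    """One row of the identity provider's authentication-context table."""
    context_class: str   # URN suffix of the SAMLv2 class reference
    supported: bool      # the Supported check box
    key: str             # OpenSSO authentication type (assumed value)
    value: str           # OpenSSO authentication option (assumed value)
    level: int           # authentication level (positive number)

    @property
    def class_ref(self) -> str:
        return SAML_AC_PREFIX + self.context_class


# Constructed table: Key/Value/Level entries are illustrative assumptions.
MAPPINGS = (
    ContextMapping("Password", False, "module", "LDAP", 1),
    ContextMapping("PasswordProtectedTransport", True, "module", "DataStore", 1),
    ContextMapping("Kerberos", True, "module", "WindowsDesktopSSO", 2),
    ContextMapping("TLSClient", True, "module", "Cert", 3),
    ContextMapping("SmartcardPKI", True, "module", "Cert", 4),
)
DEFAULT_CONTEXT_CLASS = "PasswordProtectedTransport"  # the Default Authentication Context


def _supported() -> list:
    """Rows whose Supported check box is selected."""
    return [m for m in MAPPINGS if m.supported]


def select_by_class(requested: Iterable[str]) -> Optional[ContextMapping]:
    """Return the first requested class (in request order) that the IdP supports.

    Accepts full URNs or bare class names; unsupported rows are skipped, so a
    request naming only unsupported classes yields None.
    """
    by_class = {m.context_class: m for m in _supported()}
    for ref in requested:
        name = ref[len(SAML_AC_PREFIX):] if ref.startswith(SAML_AC_PREFIX) else ref
        if name in by_class:
            return by_class[name]
    return None


def select_by_level(min_level: int) -> Optional[ContextMapping]:
    """Return the supported mapping with the lowest level that still meets min_level.

    This is the page's scenario: a service provider asking for level 3 gets the
    level-3 method, not an unnecessarily stronger one. None means the IdP has
    no supported method strong enough.
    """
    candidates = [m for m in _supported() if m.level >= min_level]
    return min(candidates, key=lambda m: m.level) if candidates else None


def select_context(requested_classes=None, min_level=None) -> Optional[ContextMapping]:
    """Resolve a request: explicit classes first, then a level, else the default."""
    if requested_classes:
        return select_by_class(requested_classes)
    if min_level is not None:
        return select_by_level(min_level)
    return next(m for m in MAPPINGS if m.context_class == DEFAULT_CONTEXT_CLASS)


def satisfies(mapping: ContextMapping, required_level: int) -> bool:
    """True if the chosen method's level is at least the level the SP asked for."""
    return mapping.level >= required_level


if __name__ == "__main__":
    chosen = select_context(min_level=3)
    print(chosen.class_ref, chosen.key, chosen.value, chosen.level)
```

Run with no arguments to resolve the level-3 request from the text; change `min_level` or pass `requested_classes` to see how an unsupported class or an unattainable level falls through to `None`, which is the case an identity provider must report back rather than silently downgrading.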