

Authentication Context Template Overview

An authentication context template defines the specific SAML 2.0 AuthnContext URIs that a partner supports. Each URI identifies a particular context class and is assigned a protection level; the protection level is then mapped to a strength level.

You can select a template on a per-partnership basis; multiple partnerships can use a single template.

A template has the following distinct functions at each partner:

At the IdP

An authentication context template is required at the IdP when the IdP is configured to automatically detect the authentication context from the SP request.

The template maps URIs to the protection levels associated with a user session. The protection levels indicate the strength of the authentication scheme at the policy server, from 1 through 1000, with 1000 being the strongest. An administrator assigns protection levels when configuring an authentication scheme that authenticates a user and establishes a user session.

The IdP first uses the template to determine the strength of the user session. It then uses the template to determine the strength of the URI in the SP authentication request. These strength levels are then compared.

At the SP

An authentication context template at the SP is required to generate an authentication context that is sent in the authentication request. After the SP generates the request, it sends it to the IdP. The template is also required for the SP to validate that the received assertion satisfies the authentication context requested.
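The following is an added illustration of the two template functions described above (the IdP-side comparison of session strength against the requested URI, and the SP-side validation of the received assertion). It is example code written for this page, not the product's own implementation. The URI-to-protection-level values, the threshold scheme that maps protection levels to strength levels, and the rule that a strength greater than or equal to the requested strength satisfies the request are all assumptions made for the example; the AuthnContext class URIs themselves are the standard SAML 2.0 identifiers.

```python
"""Added example of an authentication context template (not product code).

A template maps SAML 2.0 AuthnContext class URIs to protection levels
(1 through 1000, 1000 strongest) and protection levels to strength levels.
An IdP compares the strength of the current user session with the strength
of the context an SP requested; an SP checks that the context in a received
assertion satisfies the context it asked for.
"""
from bisect import bisect_right

# Standard SAML 2.0 AuthnContext class URIs (real identifiers from the SAML spec).
PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
X509 = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
SMARTCARD_PKI = "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"

MIN_LEVEL, MAX_LEVEL = 1, 1000  # protection-level range stated on the page


class AuthnContextTemplate:
    """URI -> protection level, protection level -> strength level."""

    def __init__(self, uri_levels, strength_thresholds):
        # uri_levels: {AuthnContext URI: protection level}
        # strength_thresholds: list of (lowest protection level, strength level);
        # the band scheme is an assumption of this example, not the product's.
        for uri, level in uri_levels.items():
            if not MIN_LEVEL <= level <= MAX_LEVEL:
                raise ValueError(f"{uri}: protection level {level} outside {MIN_LEVEL}-{MAX_LEVEL}")
        self.uri_levels = dict(uri_levels)
        thresholds = sorted(strength_thresholds)
        if not thresholds or thresholds[0][0] != MIN_LEVEL:
            raise ValueError("strength thresholds must start at protection level 1")
        self._floors = [floor for floor, _ in thresholds]
        self._strengths = [strength for _, strength in thresholds]

    def strength_of_level(self, protection_level):
        """Strength of a user session with the given protection level."""
        if not MIN_LEVEL <= protection_level <= MAX_LEVEL:
            raise ValueError(f"protection level {protection_level} outside {MIN_LEVEL}-{MAX_LEVEL}")
        idx = bisect_right(self._floors, protection_level) - 1
        return self._strengths[idx]

    def strength_of_uri(self, uri):
        """Strength of an AuthnContext URI; a URI not in the template is unsupported."""
        if uri not in self.uri_levels:
            raise KeyError(f"unsupported AuthnContext URI: {uri}")
        return self.strength_of_level(self.uri_levels[uri])


def idp_session_satisfies_request(template, session_protection_level, requested_uri):
    """IdP side: is the user session at least as strong as the requested context?

    Assumption: equal or greater strength satisfies the request; a URI the
    template does not list cannot be satisfied at all.
    """
    try:
        required = template.strength_of_uri(requested_uri)
    except KeyError:
        return False
    return template.strength_of_level(session_protection_level) >= required


def sp_assertion_satisfies_request(template, requested_uri, asserted_uri):
    """SP side: does the context in the received assertion meet what was requested?"""
    try:
        return template.strength_of_uri(asserted_uri) >= template.strength_of_uri(requested_uri)
    except KeyError:
        return False  # assertion carries a context this partner does not support


def build_sample_template():
    """Constructed sample values for the example; not a recommended configuration."""
    return AuthnContextTemplate(
        uri_levels={PASSWORD: 100, PPT: 300, X509: 700, SMARTCARD_PKI: 900},
        strength_thresholds=[(1, 1), (200, 2), (500, 3), (800, 4)],
    )


if __name__ == "__main__":
    t = build_sample_template()
    print("IdP: session 650 vs X509 requested ->", idp_session_satisfies_request(t, 650, X509))
    print("IdP: session 150 vs PPT requested  ->", idp_session_satisfies_request(t, 150, PPT))
    print("SP: requested PPT, asserted X509   ->", sp_assertion_satisfies_request(t, PPT, X509))
    print("SP: requested X509, asserted Password ->", sp_assertion_satisfies_request(t, X509, PASSWORD))
```

Both checks go through the same template object, which matches the page's point that one template serves the IdP comparison and the SP validation; an assertion or request carrying a URI the template does not list is rejected rather than guessed at.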

Before proceeding with configuration, verify that you meet the following minimum knowledge requirements: