Federation Guides › Partnership Federation Guide › Authentication Context Processing (SAML 2.0) › Configure Authentication Context Processing at the IdP

Configure Authentication Context Processing at the IdP

The CA SiteMinder® Federation IdP can obtain the authentication context for an assertion in two ways:

• Use a predefined authentication class

  Specify a URI for the authentication class and ignore the context request from the SP. A hard-coded entry can act as the default authentication context for IdP-initiated single sign-on.

• Detect the authentication class automatically—only available with the SiteMinder Connector enabled.

  The system automatically detects the authentication context using the authentication context template.

  The IdP uses the template even if the authentication request from the SP does not include the <RequestedAuthnContext> element. The presence of the element triggers extra evaluation by the IdP and constrains the choices of what the IdP puts in the assertion.

  You can find more information about the flow of authentication context processing.