An authentication context template defines the specific SAML 2.0 AuthnContext URIs that a partner supports. Each URI identifies the context class.
You can select a template on a per-partnership basis; multiple partnerships can use a single template.
In addition to the common function, a template has distinct functions at each partner:
You only require a template at the IdP under the following conditions:
The template maps URIs to the protection levels associated with a CA SiteMinder® user session. The protection levels indicate the strength of the CA SiteMinder® authentication scheme, from 1 through 1000, with 1000 being the strongest. An administrator assigns protection levels when configuring CA SiteMinder® authentication scheme that authenticates a user and establishes a user session.
Note: Protection levels are only available if you are using the SiteMinder Connector.
A template at the SP is required to generate an authentication context request. After the SP generates the request, it sends it to the IdP. The template is also required for the SP to validate that the assertion from the IdP satisfies the authentication context request.
|
Copyright © 2013 CA.
All rights reserved.
|
|