Previous Topic: Configure Single Sign-on for WS-FederationNext Topic: Specify IP Address Restrictions for Resource Partners (optional)


Set the Authentication Scheme Protection Level

The WS-Federation Assertion Generator creates an assertion based on a user session. The user associated with the session has been authenticated at a particular authentication scheme protection level. This means that you can control which users an assertion is generated for based on the protection level at which they authenticated.

Users are authenticated at different protection levels. Therefore, the assertions generated should be for users who authenticated at the required level. Failure to adhere to the protection level may compromise the federated environment’s security because the assertions may misrepresent the authentication level at which a user actually authenticated.