Versions Compared

Old Version 5

changes.mady.by.user Jule Ziegler

Saved on

compared with

New Version 6

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Example 2: An SP prefers MFA but accepts SFA

An SP presents a list of authentication contexts in the order of preference (Comparison attribute omitted, applying the default value “exact”):

<samlp:RequestedAuthnContext>
   <saml:AuthnContextClassRef>https://refeds.org/profile/mfa</saml:AuthnContextClassRef>
   <saml:AuthnContextClassRef>https://refeds.org/profile/sfa</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>

An IdP responds SFA:

<saml:AuthnContext>
   <saml:AuthnContextClassRef>https://refeds.org/profile/sfa</saml:AuthnContextClassRef>
</saml:AuthnContext>

Note: according to the SAML 2.0 specification, an Identity Provider can present only one authentication context in the responseThis is NOT supported by the SAML standard. See the FAQ for alternatives.

OpenID Connectr acr claims

...