Subject: step-up authentication
I'm writing a deployment profile for step-up authentication where an SP sends the following AuthnRequest to the IdP:

    <samlp:AuthnRequest ...>
      <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
      <saml:Subject>
        <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
          user@example.org
        </saml:NameID>
      </saml:Subject>
      <samlp:NameIDPolicy AllowCreate="false"/>
      <samlp:RequestedAuthnContext>
        <saml:AuthnContextClassRef>
          http://example.org/some/specific/authncontextclass
        </saml:AuthnContextClassRef>
      </samlp:RequestedAuthnContext>
    </samlp:AuthnRequest>

As a result, the IdP authenticates the given Subject according to the RequestedAuthnContext and then issues an assertion with a "strongly matching" Subject and a matching AuthnContext.

Is this a reasonable profile of the elements of SAML Core? Assuming that's the case, does anyone know of a product that implements this profile (or something like it)?

Thanks,
Tom
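An added example, not part of the original message: an SP-side check that a returned assertion actually satisfies the step-up request above, instead of trusting that the IdP honoured it. It assumes the assertion's signature and conditions were already validated elsewhere, reduces "strongly matching" to an identical NameID Format and value, and uses constructed sample messages and hypothetical helper names.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
XMLNS = ('xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"')
STEP_UP = "http://example.org/some/specific/authncontextclass"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample request (ID, Issuer and signature omitted for brevity).
REQUEST = f"""<samlp:AuthnRequest {XMLNS}>
  <saml:Subject><saml:NameID Format="{EMAIL}"> user@example.org </saml:NameID></saml:Subject>
  <samlp:RequestedAuthnContext>
    <saml:AuthnContextClassRef> {STEP_UP} </saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

def make_assertion(name, class_ref):
    """Build a constructed assertion with the given subject and context class."""
    return f"""<saml:Assertion {XMLNS}>
  <saml:Subject><saml:NameID Format="{EMAIL}">{name}</saml:NameID></saml:Subject>
  <saml:AuthnStatement><saml:AuthnContext>
    <saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
</saml:Assertion>"""

def _name_id(root):
    """Return (Format, value) of Subject/NameID, or None if absent or empty."""
    el = root.find("saml:Subject/saml:NameID", NS)
    text = "" if el is None else (el.text or "").strip()
    return (el.get("Format"), text) if text else None

def _class_refs(root, path):
    """Collect the non-empty AuthnContextClassRef values found at path."""
    return {(e.text or "").strip() for e in root.findall(path, NS)} - {""}

def check_step_up(request_xml, assertion_xml):
    """Return a list of mismatches; empty means the assertion satisfies the request."""
    req, asr = ET.fromstring(request_xml), ET.fromstring(assertion_xml)
    problems = []
    wanted_subject = _name_id(req)
    if wanted_subject is None or _name_id(asr) != wanted_subject:
        problems.append("subject")
    wanted = _class_refs(req, "samlp:RequestedAuthnContext/saml:AuthnContextClassRef")
    got = _class_refs(asr, "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef")
    if not wanted or not (wanted & got):  # no Comparison attribute, so "exact" applies
        problems.append("authn-context")
    return problems
```

An SP applying this profile should refuse to elevate the session whenever the returned list is non-empty.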