
    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 3.4.0
    • Component/s: Authentication
    • Labels:
      None

      Description

      In the OIDC protocol, the authentication context class reference may be requested as an essential or as a voluntary claim, see http://openid.net/specs/openid-connect-core-1_0.html#acrSemantics.

      The current IdP authentication flow selection process does not support selecting a flow by non-essential acr. At least the undersigned understands this as having acr first as the selection criterion, but in case the acr cannot be met, the flow should be selected as if the acr was not requested at all.

      In the GEANT OIDC plugin we have done this by placing OIDCRequestedPrincipalContext as a child context of RequestedPrincipalContext to carry the information about the essentiality. This information is then applied in a modified version of SelectAuthenticationFlow.
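
The selection rule described in this issue, as an added example that is not part of the original report and is not code from the IdP or the GEANT plugin. The class, record and method names are hypothetical, the flow ids and ACR URIs are constructed placeholders, and the flow list is assumed to be in the IdP's own preference order.

```java
import java.util.List;
import java.util.Optional;
import java.util.Set;

public class AcrFlowSelection {
    // Hypothetical model: a login flow and the ACR values it can satisfy.
    record Flow(String id, Set<String> supportedAcrs) {}

    // Requested ACR values in preference order, plus the "essential" flag.
    record AcrRequest(List<String> values, boolean essential) {}

    /** Returns the selected flow, or empty when an essential ACR cannot be met. */
    static Optional<Flow> select(List<Flow> flows, AcrRequest req) {
        if (req != null) {
            // ACR is the first selection criterion, in the RP's preference order.
            for (String acr : req.values()) {
                for (Flow f : flows) {
                    if (f.supportedAcrs().contains(acr)) {
                        return Optional.of(f);
                    }
                }
            }
            // Essential and unmet: fail instead of silently downgrading.
            if (req.essential()) {
                return Optional.empty();
            }
        }
        // No ACR requested, or a voluntary ACR was unmet: select as if none
        // was requested. The response must then report the ACR actually
        // performed, not the one that was asked for.
        return flows.stream().findFirst();
    }

    public static void main(String[] args) {
        // Constructed sample data; flow ids and ACR URIs are placeholders.
        List<Flow> flows = List.of(
            new Flow("flow/password", Set.of("urn:example:acr:password")),
            new Flow("flow/mfa", Set.of("urn:example:acr:mfa")));
        List<String> unknown = List.of("urn:example:acr:smartcard");

        System.out.println(select(flows, new AcrRequest(List.of("urn:example:acr:mfa"), true)));
        System.out.println(select(flows, new AcrRequest(unknown, false)));
        System.out.println(select(flows, new AcrRequest(unknown, true)));
        System.out.println(select(flows, null));
    }
}
```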

       


            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            jalauros@csc.fi Janne Lauros
            Watchers:
            3

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Not Specified
                Remaining:
                0m
                Logged:
                3h 15m