Technical details:
The secure lightbulb service provider now sends an AuthnRequest that specifies
a RequestedAuthnContext with "urn:oasis:names:tc:SAML:2.0:ac:classes:X509" as its AuthnContextClassRef.
So, what does this mean? Basically, the SP is telling the SSOCircle IDP that it requires a specific minimum level
of authentication security, in this case authentication by an X.509 certificate. See the next slide for how SSOCircle reacts ...
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="6e272edfa44fb51f4802668760b66c8cab4da2c471" Version="2.0"
    IssueInstant="2008-06-09T13:54:11Z"
    ForceAuthn="false"
    IsPassive="false"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="http://lightbulb.saml2.com/securelb/sp.php">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    http://lightbulb.saml2.com/securelb
  </saml:Issuer>
  <samlp:NameIDPolicy xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
      SPNameQualifier="http://lightbulb.saml2.com/securelb"
      AllowCreate="true">
  </samlp:NameIDPolicy>
  <samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="minimum">
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
      urn:oasis:names:tc:SAML:2.0:ac:classes:X509
    </saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
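An added example (not part of the original slides or of SSOCircle's code): a Python sketch of how a party could read the RequestedAuthnContext from the AuthnRequest above and decide whether a given authentication class satisfies it. SAML defines no strength ordering for context classes, so the `RANK` table, the function names and the trimmed sample request are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# ASSUMPTION (not from the slides): a deployment-specific strength ranking.
# "minimum" is only meaningful once SP and IdP agree on an ordering like this.
RANK = {AC + "Password": 1, AC + "PasswordProtectedTransport": 2,
        AC + "X509": 3, AC + "SmartcardPKI": 4}

# Constructed sample: a trimmed AuthnRequest modelled on the one shown above.
SAMPLE_REQUEST = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id" Version="2.0" IssueInstant="2008-06-09T13:54:11Z">
  <samlp:RequestedAuthnContext Comparison="minimum">
    <saml:AuthnContextClassRef>
      urn:oasis:names:tc:SAML:2.0:ac:classes:X509
    </saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

def requested_context(authn_request_xml):
    """Return (comparison, [class refs]), or None if nothing was requested."""
    rac = ET.fromstring(authn_request_xml).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None
    # Comparison defaults to "exact" when the attribute is absent.
    comparison = rac.get("Comparison", "exact")
    # Element text may be padded with whitespace, as in the request above.
    refs = [(e.text or "").strip()
            for e in rac.findall("saml:AuthnContextClassRef", NS)]
    return comparison, refs

def satisfies(actual, comparison, requested, rank=RANK):
    """True if class `actual` meets the request; unknown input fails closed."""
    actual = actual.strip()
    if comparison == "exact":
        return actual in requested
    if comparison == "minimum":
        # At least as strong as one of the requested, ranked classes.
        return actual in rank and any(
            r in rank and rank[actual] >= rank[r] for r in requested)
    return False  # "maximum" and "better" are not modelled here

if __name__ == "__main__":
    comparison, refs = requested_context(SAMPLE_REQUEST)
    for cls in sorted(RANK, key=RANK.get):
        print(cls, "->", satisfies(cls, comparison, refs))
```

An SP would apply the same check to the AuthnContextClassRef in the AuthnStatement of the assertion it receives, after verifying the assertion's signature.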