author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2021-10-19 15:46:58 +0300 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2021-10-20 10:20:03 +0300 |
commit | d1a11dbfe6032c2bc8f1e96435b48c7faa6a203e (patch) | |
tree | 8440a42fefb2dacc924224ebfb286516b7ca6388 /docs | |
parent | 0228a5209571364c7073fb932765ec57253e2bcd (diff) | |
download | pysaml2-d1a11dbfe6032c2bc8f1e96435b48c7faa6a203e.tar.gz |
Add new config option requested_authn_context
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/howto/config.rst | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/docs/howto/config.rst b/docs/howto/config.rst index 9060ad2c..0cbfcbf1 100644 --- a/docs/howto/config.rst +++ b/docs/howto/config.rst @@ -342,7 +342,7 @@ ca_certs This is the path to a file containing root CA certificates for SSL server certificate validation. Example:: - + "ca_certs": full_path("cacerts.txt"), @@ -1222,6 +1222,34 @@ Example:: "requested_attribute_name_format": NAME_FORMAT_BASIC +requested_authn_context +""""""""""""""""""""""" + +This configuration option defines the ``<RequestedAuthnContext>`` for an AuthnRequest by +a client. The value is a dictionary with two fields + +- ``authn_context_class_ref`` a list of string values representing + ``<AuthnContextClassRef>`` elements. + +- ``comparison`` a string representing the Comparison xml-attribute value of the + ``<RequestedAuthnContext>`` element. Per the SAML core specificiation the value should + be one of "exact", "minimum", "maximum", or "better". The default is "exact". + +Example:: + + "service": { + "sp": { + "requested_authn_context": { + "authn_context_class_ref": [ + "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient", + ], + "comparison": "minimum", + } + } + } + + idp/aa/sp ^^^^^^^^^ |
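Review bot: the ca_certs hunk (@@ -342,7 +342,7 @@) only swaps one blank-looking line under "Example::" for another, which reads as a whitespace cleanup unrelated to the new option. Consider moving it to its own commit or mentioning it in the commit message so the history for requested_authn_context stays focused.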
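Review bot: in the new requested_authn_context section (@@ -1222,6 +1222,34 @@), the description of ``comparison`` says the value "should be one of" four strings but does not say what happens when a different value is configured, and nothing states whether ``authn_context_class_ref`` may be empty or omitted. Since this option sets the authentication strength the SP asks the IdP for, please document both cases. The example pairs "minimum" with two class refs (PasswordProtectedTransport and TLSClient); one sentence on how the comparison applies when the list has more than one entry would help prevent misconfiguration. Two small text fixes: "specificiation" should be "specification", and "The value is a dictionary with two fields" should end with a colon before the list.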