Diffstat (limited to 'docs/howto/config.rst')
-rw-r--r-- | docs/howto/config.rst | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/docs/howto/config.rst b/docs/howto/config.rst index 9060ad2c..0cbfcbf1 100644 --- a/docs/howto/config.rst +++ b/docs/howto/config.rst @@ -342,7 +342,7 @@ ca_certs This is the path to a file containing root CA certificates for SSL server certificate validation. Example:: - + "ca_certs": full_path("cacerts.txt"), @@ -1222,6 +1222,34 @@ Example:: "requested_attribute_name_format": NAME_FORMAT_BASIC +requested_authn_context +""""""""""""""""""""""" + +This configuration option defines the ``<RequestedAuthnContext>`` for an AuthnRequest by +a client. The value is a dictionary with two fields + +- ``authn_context_class_ref`` a list of string values representing + ``<AuthnContextClassRef>`` elements. + +- ``comparison`` a string representing the Comparison xml-attribute value of the + ``<RequestedAuthnContext>`` element. Per the SAML core specificiation the value should + be one of "exact", "minimum", "maximum", or "better". The default is "exact". + +Example:: + + "service": { + "sp": { + "requested_authn_context": { + "authn_context_class_ref": [ + "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient", + ], + "comparison": "minimum", + } + } + } + + idp/aa/sp ^^^^^^^^^ |
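Review bot: The ``comparison`` bullet in the new ``requested_authn_context`` section says the value "should be one of" four strings and defaults to "exact", but it does not say whether ``comparison`` or ``authn_context_class_ref`` may be omitted, or what happens when a value outside that list is supplied. Suggest stating which keys are required and how an invalid value is handled. In the same bullet, "specificiation" should read "specification", and the sentence "The value is a dictionary with two fields" should end with a colon to introduce the list that follows. The example sets "comparison": "minimum" with two class references while the documented default is "exact"; a sentence on why the example departs from the default, or a second example using the default, would keep readers from copying a non-default setting without intending to.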