17.4.5.5. ACR configuration for the JSP-Loginapp

ACR derived from acquired roles

Airlock IAM provides a large number of authentication methods, and the AS-centric AS has been designed to be able to use all of them with the authorization code flow. Since authentication flows in Airlock IAM are used to acquire roles during the authentication process, one important feature of the AS-centric AS is the ability to map acquired roles to ACR.

The role-to-ACR mapping is used to inform the OAuth client about the authentication context category of the authentication flow.

ACR is a part of the ID token and therefore not directly accessible to the relying party.
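
The following Python sketch is an added example, not Airlock IAM code or configuration. It shows a role-to-ACR mapping feeding the `acr` claim of a signed ID token, and a client that reads the claim only after validating the token. The role names, ACR values, "strongest first" ordering and HS256 signing are assumptions made for illustration; checks of `iss`, `aud`, `exp` and `nonce` are omitted.

```python
import base64, hashlib, hmac, json

# Constructed role-to-ACR mapping, strongest first. Role names and ACR values
# are hypothetical; "first match wins" is an assumption of this sketch.
ROLE_TO_ACR = [
    ("strong_mfa", "urn:example:acr:mfa"),
    ("password", "urn:example:acr:pwd"),
]

def acr_for_roles(roles):
    """Return the ACR of the first mapping entry whose role was acquired."""
    for role, acr in ROLE_TO_ACR:
        if role in roles:
            return acr
    return None  # no mapped role: the token carries no acr claim

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_id_token(sub, roles, key):
    """AS side: put the mapped ACR into the signed ID token payload."""
    claims = {"sub": sub}
    acr = acr_for_roles(roles)
    if acr is not None:
        claims["acr"] = acr
    header = {"alg": "HS256", "typ": "JWT"}  # HS256 keeps the sketch stdlib-only
    signing_input = ".".join(b64url(json.dumps(part).encode()) for part in (header, claims))
    return signing_input + "." + b64url(sign(key, signing_input))

def client_accepts(id_token, key, required_acrs):
    """Client side: verify the signature first, then compare the acr claim."""
    try:
        header, payload, signature = id_token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return False
        expected = sign(key, header + "." + payload)
        if not hmac.compare_digest(expected, b64url_decode(signature)):
            return False
        claims = json.loads(b64url_decode(payload))
    except (ValueError, AttributeError):
        return False  # malformed token
    return isinstance(claims, dict) and claims.get("acr") in required_acrs
```

A client that requires a specific authentication context should treat a missing or unexpected `acr` value as a failed check, as `client_accepts` does here.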