ACR configuration with flows
17.7.1.5. AS-centric AS - ACR configuration with flows

Prerequisites

  • The AS-centric AS must be configured.
  • The authentication flows must be configured.
  • Optionally: The REST UI must be configured.

Instructions

  • acr_values in the authorization request to select an authentication flow
    1. Go to:
       Loginapp >> OAuth 2.0/OIDC Authorization Servers >> {{AS-Id}} >> OAuth 2.0 Grants/OIDC Flows >> OIDC Authorization Code Flow.
    2. In the section Flow Settings, create and edit an ACR to Flow Application ID Mapping plugin.
    3. Set the ACR Value to match the acr value.
    4. Set the Flow Application ID to select an authentication flow that will achieve the requested authentication quality.
  • A client requesting a specific acr_values will be directed to the correct authentication flow.
  • acr value to return in the ID token
    1. Go to:
       Loginapp >> OAuth 2.0/OIDC Authorization Servers >> {{AS-Id}} >> OAuth 2.0 Grants/OIDC Flows >> OIDC Authorization Code Flow.
    2. In the section ID Token, create a plugin in the ID Token ACR Claim (Flow) property.
       • Use a Flow Selection Based OIDC ID Token ACR Value plugin if the requested acr_values should be returned in the ID token.
       • Use a Flow Condition Based OIDC ID Token ACR Value plugin if the returned acr_value should be derived from flow tags, i.e. if it should contain information about the exact authentication method used.
  • The acr value is returned in the ID token.
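
The client-side counterpart of this configuration, as an added example (not part of the product documentation or the product's code): a relying party requests acr_values and then checks the acr claim in the returned ID token, because acr_values is a voluntary claim request in OpenID Connect and the returned value can differ from the requested one. The endpoint, client ID, redirect URI and ACR URNs are constructed placeholders, and the ID token's signature is assumed to be verified before decode_claims is called.

```python
import base64
import json
import secrets
from urllib.parse import urlencode

def build_authorization_url(authorize_endpoint, client_id, redirect_uri, acr_values):
    """Authorization code request asking for ACRs in order of preference."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
        "acr_values": " ".join(acr_values),  # space-separated per OIDC Core
    })
    return f"{authorize_endpoint}?{query}", state, nonce

def decode_claims(id_token):
    """Decode the payload of an ID token whose signature is ALREADY verified."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def acr_satisfied(claims, accepted_acrs, expected_nonce):
    """True only if the token is bound to our request and its acr is accepted."""
    if claims.get("nonce") != expected_nonce:
        return False
    return claims.get("acr") in accepted_acrs  # a missing acr is rejected

def constructed_id_token(claims):
    """Constructed, unsigned sample token for this example only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

if __name__ == "__main__":
    MFA, PWD = "urn:example:acr:mfa", "urn:example:acr:password"  # constructed values
    url, state, nonce = build_authorization_url(
        "https://as.example.com/authorize", "demo-client",
        "https://rp.example.com/callback", [MFA])
    print(url)
    # The flow returned a weaker acr than requested: the client must not accept it.
    weaker = constructed_id_token({"sub": "alice", "nonce": nonce, "acr": PWD})
    print(acr_satisfied(decode_claims(weaker), [MFA], nonce))
```

With the Flow Condition Based plugin the returned acr is derived from flow tags rather than echoed from the request, so the accepted list on the client must contain the values that plugin can emit.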