Prerequisites
- The AS-centric AS must be configured.
- The authentication flows must be configured.
- Optionally: The REST UI must be configured.
Instructions
- acr_values in the authorization request to select an authentication flow
- Go to:
Loginapp >> OAuth 2.0/OIDC Authorization Servers >> {{AS-Id}} >> OAuth 2.0 Grants/OIDC Flows >> OIDC Authorization Code Flow. - In the section Flow Settings create and edit an ACR to Flow Application ID Mapping plugin.
- Set the ACR Value to match the acr value.
- Set the Flow Application ID to select an authentication flow, that will achieve the requested authentication quality.
- A client requesting a specific acr_values will be directed to the correct authentication flow.
- acr value to return in the ID token
- Go to:
Loginapp >> OAuth 2.0/OIDC Authorization Servers >> {{AS-Id}} >> OAuth 2.0 Grants/OIDC Flows >> OIDC Authorization Code Flow. - In the section ID Token create a plugin in the ID Token ACR Claim (Flow) property.
- Use a Flow Selection Based OIDC ID Token ACR Value plugin if the requested acr_values should be returned in the ID token.
- Use a Flow Condition Based OIDC ID Token ACR Value plugin if the returned acr_value should be derived from flow tags. I.e. if the should contain information about the exact authentication method used.
- The acr value is returned in the ID token.