ACR configuration with flows
Prerequisites
- The AS must be configured.
- The authentication flows must be configured.
- Optionally: The Loginapp UI must be configured.
Instructions
acr_values in the authorization request to select an authentication flow
- Go to:
Loginapp >> OAuth 2.0/OIDC Authorization Servers >> {{AS-Id}} >> OAuth 2.0 Grants/OIDC Flows >> OIDC Authorization Code / Hybrid Flow.
- In the section Flow Settings, create and edit an ACR to Flow Application ID Mapping plugin.
- Set the ACR Value to match the acr value.
- Set the Flow Application ID to select an authentication flow that will achieve the requested authentication quality.
- A client requesting specific acr_values will be directed to the correct authentication flow.
acr value to return in the ID token
- Go to:
Loginapp >> OAuth 2.0/OIDC Authorization Servers >> {{AS-Id}} >> OAuth 2.0 Grants/OIDC Flows >> OIDC Authorization Code / Hybrid Flow.
- In the section ID Token, create a plugin in the ID Token ACR Claim (Flow) property.
- Use a Flow Selection Based OIDC ID Token ACR Value plugin if the requested acr_values should be returned in the ID token.
- Use a Flow Condition Based OIDC ID Token ACR Value plugin if the returned acr_value should be derived from flow tags, i.e. if it should contain information about the exact authentication method used.
- The acr value is returned in the ID token.
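The client side of this configuration, as an added example that is not part of the product documentation: a relying party sends acr_values in the authorization request and, after the ID token has been validated, checks that the returned acr claim is one it accepts. The endpoint, client ID, ACR URNs and the sample token are constructed placeholders, and signature, issuer, audience and nonce validation are assumed to be done by the OIDC library before this check.

```python
import base64
import json
from urllib.parse import urlencode


def build_authorization_url(authorize_endpoint, client_id, redirect_uri,
                            acr_values, state, nonce):
    """Build an OIDC authorization code request that asks for specific ACRs.

    acr_values is a list in order of preference; OIDC sends it space-separated.
    """
    params = {
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "acr_values": " ".join(acr_values),
        "state": state,
        "nonce": nonce,
    }
    return authorize_endpoint + "?" + urlencode(params)


def decode_claims(id_token):
    """Return the claims of an ID token that has ALREADY been validated."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def acr_satisfied(claims, accepted_acr_values):
    """True only if the token carries an acr claim the client accepts.

    A missing acr claim is treated as not satisfied, so a login that went
    through a weaker flow is not silently accepted.
    """
    acr = claims.get("acr")
    return isinstance(acr, str) and acr in accepted_acr_values


def make_sample_token(claims):
    """Constructed, unsigned sample token for the demonstration only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "constructed-signature"])


if __name__ == "__main__":
    token = make_sample_token({"sub": "user-1", "acr": "urn:example:acr:mfa"})
    print(acr_satisfied(decode_claims(token), ["urn:example:acr:mfa"]))
```
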