Configuring a Shibboleth SP for step-up authentication

See also some generic instructions for connecting a Shibboleth SP to SURFconext:
An example Apache configuration snippet where a request for a specific URL triggers a SAML request with a higher LoA:
 
<Location /secure>
      AuthType shibboleth
      ShibRequestSetting requireSession 1
      ShibRequestSetting authnContextClassRef http://suaas.example.com/assurance/loa2
      require valid-user
</Location>

An example of the resulting subset of environment variables:
[Shib-Application-ID] => default
[Shib-Session-ID] => _77421bdf5f17e10c70efb9a89aa3737e
[Shib-Identity-Provider] => http://suaas-gw.surfnet.nl/metadata
[Shib-Authentication-Instant] => 2013-10-29T22:08:46Z
[Shib-Authentication-Method] => http://suaas.example.com/assurance/loa3
[Shib-AuthnContext-Class] => http://suaas.example.com/assurance/loa3
[Shib-Session-Index] => c8a493e33432686feb5cc683a9fd0c7c
[persistent-id] => http://suaas-gw.surfnet.nl/metadata!https://suaas-sp.surfnet.nl/shibboleth!urn:collab:person:surfnet.nl:john
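
The environment listing reports loa3 although the Apache snippet requested loa2, so an application that gates on assurance level should compare levels by rank rather than by string equality. The Python check below is an added example, not part of the original page or of SURFconext's code; the loa1 URI, the 15-minute freshness window, the function name and the dict-style access to the variables are assumptions.

```python
from datetime import datetime, timedelta, timezone

# LoA URIs in ascending strength. loa2 and loa3 appear on the page;
# loa1 is an assumed lower level following the same URI pattern.
LOA_ORDER = [
    "http://suaas.example.com/assurance/loa1",
    "http://suaas.example.com/assurance/loa2",
    "http://suaas.example.com/assurance/loa3",
]
EXPECTED_IDP = "http://suaas-gw.surfnet.nl/metadata"  # gateway entityID from the page


def check_step_up(environ, required_loa, max_age=timedelta(minutes=15), now=None):
    """Return (ok, reason) for a request's Shibboleth environment variables."""
    now = now or datetime.now(timezone.utc)
    if not environ.get("Shib-Session-ID"):
        return False, "no Shibboleth session"
    if environ.get("Shib-Identity-Provider") != EXPECTED_IDP:
        return False, "unexpected identity provider"
    asserted = environ.get("Shib-AuthnContext-Class", "")
    # Unknown or missing classes are rejected, never treated as the lowest level.
    if asserted not in LOA_ORDER or required_loa not in LOA_ORDER:
        return False, "unknown authentication context class"
    if LOA_ORDER.index(asserted) < LOA_ORDER.index(required_loa):
        return False, "level of assurance too low"
    try:
        instant = datetime.strptime(
            environ.get("Shib-Authentication-Instant", ""), "%Y-%m-%dT%H:%M:%SZ"
        ).replace(tzinfo=timezone.utc)
    except ValueError:
        return False, "missing or malformed authentication instant"
    # Reject instants in the future as well as ones older than max_age (assumed policy).
    if instant > now or now - instant > max_age:
        return False, "authentication instant outside allowed window"
    return True, "ok"


# Constructed sample, using the values from the environment listing above.
SAMPLE = {
    "Shib-Session-ID": "_77421bdf5f17e10c70efb9a89aa3737e",
    "Shib-Identity-Provider": "http://suaas-gw.surfnet.nl/metadata",
    "Shib-Authentication-Instant": "2013-10-29T22:08:46Z",
    "Shib-AuthnContext-Class": "http://suaas.example.com/assurance/loa3",
}
```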