...
An example Apache configuration snippet where a request for a specific URL triggers a SAML request with LoA 2.
The LoA identifier is specific for the Production environment!
< Location /secure> AuthType shibboleth ShibRequestSetting requireSession 1 ShibRequestSetting authnContextClassRef http://surfconext.nl/assurance/loa2 require valid-user </ Location > |
Example of the resulting subset of environment variables:
[Shib-Application-ID] => default [Shib-Session-ID] => _77421bdf5f17e10c70efb9a89aa3737e [Shib-Identity-Provider] => https://sa-gw.surfconext.nl/authentication/metadata [Shib-Authentication-Instant] => 2013-10-29T22:08:46Z [Shib-Authentication-Method] => http://surfconext.nl/assurance/loa3 [Shib-AuthnContext-Class] => http://surfconext.nl/assurance/loa3 [Shib-Session-Index] => c8a493e33432686feb5cc683a9fd0c7c |
Note that a LoA2 authentication was requested, yet the user was authenticated at LoA3.