Request authentication at a specific LoA

An example Apache configuration snippet where a request for a specific URL triggers a SAML request with LoA 2.
The LoA identifier is specific for the Production environment!

 

<Location /secure>
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    ShibRequestSetting authnContextClassRef http://surfconext.nl/assurance/loa2
    require valid-user
</Location>

 

Example of the resulting subset of environment variables:

 

[Shib-Application-ID] => default
[Shib-Session-ID] => _77421bdf5f17e10c70efb9a89aa3737e
[Shib-Authentication-Instant] => 2013-10-29T22:08:46Z
[Shib-Authentication-Method] => http://surfconext.nl/assurance/loa3
[Shib-AuthnContext-Class] => http://surfconext.nl/assurance/loa3
[Shib-Session-Index] => c8a493e33432686feb5cc683a9fd0c7c

Note that a LoA2 authentication was requested, yet the user was authenticated at LoA3.

More info