search cancel

Dynamically setting AuthnContextClassRef in the assertions

book

Article ID: 42075

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Question:

 How to make the Authentication Level available to Assertion Generator Plug-in for customizing the assertion? This information can be used to dynamically set the AuthnContextClassRef with the Authentication Level value.

 

Environment:  

12.5 and above.

 

Answer: 

 

Well-known user attribute of "SM_AUTHENTICATIONLEVEL" can be retrieved using the UserContext object inside the Assertion Generator Plug-in method "customizeAssertion (APIContext apiContext, UserContext userContext, java.lang.String pluginParam, java.lang.String input, java.lang.StringBuffer output.

 

 

Additional Information: 

Dynamically setting AuthnContextClassRef in the assertions based upon the authentication scheme or authentication level that the SSO user authenticated with; currently the Assertion Generator API does not have that information exposed to it.

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component: