Question:
How to make the Authentication Level available to Assertion Generator Plug-in for customizing the assertion? This information can be used to dynamically set the AuthnContextClassRef with the Authentication Level value.
Environment:
12.5 and above.
Answer:
Well-known user attribute of "SM_AUTHENTICATIONLEVEL" can be retrieved using the UserContext object inside the Assertion Generator Plug-in method "customizeAssertion (APIContext apiContext, UserContext userContext, java.lang.String pluginParam, java.lang.String input, java.lang.StringBuffer output.
Additional Information:
Dynamically setting AuthnContextClassRef in the assertions based upon the authentication scheme or authentication level that the SSO user authenticated with; currently the Assertion Generator API does not have that information exposed to it.