The Requested AuthN Context Authentication Selector enables PingFederate to choose configured authentication sources or other selectors based on the authentication context (or contexts) requested by an SP for Browser SSO requests or an RP for OAuth with OpenID Connect use cases in one or more authentication policies.
For Browser SSO, this authentication selector works in conjunction with SP connections via SAML 2.0 only, using the SP-initiated SSO profile; other Browser SSO protocols do not support authentication context. For OAuth, clients supporting the OpenID Connect protocol must include the optional acr_values parameter in their authorization requests to indicate their preferred authentication context (or contexts).
- Click Manage Authentication Selector Instances screen. to open the
- On the Manage Authentication Selector Instances screen, click Create New Instance to start the Create Authentication Selector Instance configuration wizard.
- On the Type screen, configure the basics of this authentication selector instance.
-
On the Authentication Selector screen, configure the
applicable selector instance settings.
-
On the Selector Result Values screen, specify the
authentication contexts to be used as the criteria.
-
To complete the configuration:
- Click Done on the Summary screen.
- Click Save on the Manage Authentication Selector Instances screen.