The Requested AuthN Context Authentication Selector enables PingFederate to choose configured authentication sources or other selectors.
This selector chooses authentication sources or selectors based on the authentication contexts requested by a service provider (SP)) for browser single sign-on (SSO) requests, or a relying party (RP) for OAuth with OpenID Connect (OIDC) use cases in authentication policies.
For browser SSO, this authentication selector works in conjunction with SP connections with SAML 2.0 only, using the SP-initiated SSO profile. Other browser SSO protocols do not support authentication context. For OAuth, clients supporting the OIDC protocol must include the optional acr_values parameter in their authorization requests to indicate their preferred authentication context, or contexts.
- Go to Selectors window. to open the
- On the Selectors window, click Create New Instance to start the Create Authentication Selector Instance workflow.
- On the Type tab, configure the basics of this authentication selector instance.
-
On the Authentication Selector tab, configure the applicable
selector instance settings:
-
In the Selector Result Values window, specify the
authentication contexts to use as the criteria:
-
Complete the configuration.
- On the Summary tab, click Done.
- On the Selectors window, click Save.