Authentication Context Class is defined in SAML[1] and OpenID Connect[2].

If a Relying Party is to rely on the authentication of a principal by an Identity Provider (IDP), the Relying Party may require information beyond the assertion itself in order to assess the level of Assurance it can place in that assertion. The Authentication Context Class is the means by which the Identity Provider (IDP) provides this additional information to the Relying Party.

Additionally, this specification defines a number of Authentication Context Classes; categories into which many Authentication Context declarations will fall, thereby simplifying their interpretation.[1]

Authentication Context Class specifies a set of business rules that authentications are being requested to satisfy. These business rules can often be satisfied by using a number of different specific Authentication Method Reference Values, either singly or in combination.

Authentication Context Class Values#

Authentication Context Class Values we have been able to find.

OpenID Connect#

The Authentication Context Class Reference (acr) is defined as a response parameter for the Identity Token.
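A Relying Party that requires a particular Authentication Context Class has to check the acr value it receives and fail closed when the value is absent. The following is an added example, not code from this page or from any specification. It assumes the Identity Token's signature, issuer, audience and expiry were already validated, and the ACR URNs, the policy table and the function name `check_acr` are constructed for illustration; the amr values are Authentication Method Reference Values registered in RFC 8176.

```python
# Added example: Relying Party check of `acr` and `amr` in Identity Token claims.
# Assumption: `claims` is the payload of a token whose signature, iss, aud and
# exp were already validated by the OIDC library in use.

# Constructed policy (not from any specification): each ACR value names a
# business rule and lists the AMR combinations that can satisfy it, singly
# or in combination.
ACR_POLICY = {
    "urn:example:acr:single-factor": [{"pwd"}, {"hwk"}],
    "urn:example:acr:multi-factor": [{"pwd", "otp"}, {"hwk", "pin"}],
}

# Constructed sample claims, as an IDP might return them.
SAMPLE_CLAIMS = {
    "sub": "user-123",
    "acr": "urn:example:acr:multi-factor",
    "amr": ["pwd", "otp"],
}


def check_acr(claims, accepted_acrs, policy=ACR_POLICY):
    """Return (ok, reason). Fails closed on missing or malformed claims."""
    acr = claims.get("acr")
    if not isinstance(acr, str) or not acr:
        return False, "acr claim missing"
    if acr not in accepted_acrs:
        return False, f"acr {acr!r} not accepted"
    combos = policy.get(acr)
    if combos is None:
        return False, f"no local policy for acr {acr!r}"
    amr = claims.get("amr")
    if not isinstance(amr, list) or not all(isinstance(m, str) for m in amr):
        return False, "amr claim missing or not a list of strings"
    # The asserted class must be backed by at least one full AMR combination.
    methods = set(amr)
    if not any(combo <= methods for combo in combos):
        return False, "amr does not satisfy the asserted acr"
    return True, "ok"


if __name__ == "__main__":
    print(check_acr(SAMPLE_CLAIMS, {"urn:example:acr:multi-factor"}))
```

Checking amr against the asserted acr is a local policy choice of this example; an IDP is not required to return amr.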


Authentication Context Classes are defined in section 3.4 of the Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0 Specification[1] in XML Schema documents.

Only a subset of the Authentication Context Classes defined in this specification is supported by ADFS 2.0.

This page (revision-4) was last changed on 04-Apr-2017 11:54 by jim