Authentication Context Class


Authentication Context Class is defined in SAML[1] and OpenID Connect[2]

If a Relying Party is to rely on the authentication of a principal by an Identity Provider (IDP), the Relying Party may require information additional to the assertion itself in order to assess the level of Assurance they can place in that assertion. The Authentication Context Class concept is for the Identity Provider (IDP) to provide to the Relying Party this additional information.

Additionally, this specification defines a number of Authentication Context Classs; categories into which many Authentication Context declarations will fall, thereby simplifying their interpretation.[1]

Authentication Context Class specifies a set of business rules that authentications are being requested to satisfy. These business rules can often be satisfied by using a number of different specific Authentication Method Reference Values, either singly or in combination.

OpenID Connect#

Authentication Context Class is a Set of Authentication Methods or Authentication procedures that are considered to be equivalent to each other in a particular context.

The Authentication Context Class Reference (acr) are defined in as a response parameter for the Identity Token.

acr, acr_values, default_acr_values and acr_values_supported#

Each of these Authentication Context Class Values should be in agreement and all parties should agree on which values will be used.

Authentication Context Class Values#

Authentication Context Class Values we have been able to find.

Security Assertion Markup Language (SAML)#

Authentication Context Class are defined in section 3.4 of the Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0 Specification[1] in XML Schema documents.

Only a subset of the Authentication Context Classes defined in this specification is supported by ADFS 2.0.

More Information#

There might be more information for this subject on one of the following: