Overview#Authentication Context Class is used to convey to the Service Provider additional information in determining the Level Of Assurance for an Authentication request.
If a Relying Party is to rely on the authentication of a principal by an Identity Provider (IDP), the Relying Party may require information additional to the assertion itself in order to assess the level of Assurance they can place in that assertion. The Authentication Context Class concept is for the Identity Provider (IDP) to provide to the Relying Party this additional information.
Authentication Context Class specifies a set of Policies that authentications are being requested to satisfy. These Policies can often be satisfied by using a number of different specific Authentication Context Class, either singly or in combination.Authentication Methods or Authentication procedures that are considered to be equivalent to each other in a particular context. Authentication Context Class Values should be in agreement and all parties should agree on which values will be used.
- acr_values_supported - populated in OpenID Connect Discovery for the Identity Provider (IDP)
- acr - Authorization Server as a Claim value returned in the Identity Token
- acr_values - request by the OAuth Client in the Authentication Request
- default_acr_values - populated by the OAuth Client in OAuth 2.0 Client Registration
Only a subset of the Authentication Context Classes defined in this specification is supported by ADFS 2.0.
More Information#There might be more information for this subject on one of the following:
- Authentication Context Class Reference
- Authentication Context Class Values
- Authentication Context Class vs Authentication Method Reference
- Authentication Method
- Authentication Method Reference
- WebAuthn Attestation
- Windows Logon Types
- [#1] - Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0 - based on information obtained 2005-04-10