Modifying Requested Authn Context
When a user accesses a protected resource in grid which triggers the need for authentication, an authentication request (AuthnRequest) is generated and sent to the Identity Provider (IdP). The AuthnRequest includes information about how the authentication may be conducted in terms of RequestedAuthnContext and Comparison.
The RequestedAuthnContext specifies the recommended authentication method. The available
methods, listed from least secure to most secure, are as follows:
- Username/Password - This authentication method uses a username and a password over an unprotected session.
- Password Protected Transport - This authentication method uses a username and a password over a protected session.
- Transport Layer Security (TLS) Client - This authentication method uses a client certificate, secured with SSL/TLS transport.
- X.509 Certificate - This authentication method uses a digital signature where the key is validated as part of an X.509 Public Key Infrastructure.
- Integrated Windows Authentication - This authentication method uses the Integrated Windows Authentication.
- Kerberos - This authentication method uses Kerberos.
The Comparison property determines whether multiple authentication contexts can be used and
specifies which ones. The available values are:
- exact - Only the specified authentication level is allowed.
- better - The authentication level must be stronger than the specified one.
- minimum - The authentication level must be at least as strong as the specified one.
- maximum - The authentication level must not exceed the specified one.
Note: If the Identity Provider does not support any authentication
methods specified in the AuthnRequest, reconfiguration of the properties is necessary for
authentication to function correctly.
Note: The default value for RequestedAuthnContext is
Password Protected Transport, and the default for Comparison is
minimum. Ensure that the configured authentication method is
supported by the Identity Provider.
The authentication method properties can be modified after the installation. To change the properties:
- From , click .
- Click .
- Select the applicable option from .
- Select the applicable option from .
- Click Save to confirm the changes.