OIDC certificate support


Kicic Sakib

Hi,

I need to enable certificate authentication in OIDC.

Is there any c:classRef in “shibboleth.OIDCAuthnContextClassReference” bean pointing to x509Internal?

For password, it looks like this (general-authn.xml):

          <bean parent="shibboleth.OIDCAuthnContextClassReference"
              c:classRef="password" />

Regards,


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Re: OIDC certificate support

Cantor, Scott E.
On 1/14/20, 3:32 AM, "users on behalf of Kicic Sakib" <[hidden email] on behalf of [hidden email]> wrote:

> Is there any c:classRef in “shibboleth.OIDCAuthnContextClassReference” bean pointing to x509Internal?

The relationship between login flows and supported principals of all the various types (SAML, OIDC, anything else) is arbitrary and under your control.
 
The X.509 flows come configured to recognize the SAML context class principals that are defined in the standard, but nobody should ever use those anyway. Contexts should never be technology-specific but abstracted to represent general levels of quality known to a deployment to avoid having to change them when technology changes.

So to the extent that OIDC has an equivalent acr to use, I wouldn't use it anyway, for the same reason.
 
-- Scott
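
Added example, not part of either message and not the project's own configuration: one way the mapping described in the reply could look in general-authn.xml, with the X.509 flow advertising a deployment-defined acr instead of a certificate-specific one. It assumes the stock `authn/X509` flow bean; the acr URI `https://idp.example.org/acr/high-assurance` is a constructed placeholder.

```xml
<!-- general-authn.xml (fragment). Added example; the acr URI below is a
     constructed placeholder chosen by the deployment, not a standard value. -->
<bean id="authn/X509" parent="shibboleth.AuthenticationFlow"
        p:nonBrowserSupported="false">
    <property name="supportedPrincipals">
        <list>
            <!-- OIDC acr naming a quality level rather than the technology,
                 so relying parties need no change if the flow behind it
                 is later replaced by something other than certificates. -->
            <bean parent="shibboleth.OIDCAuthnContextClassReference"
                c:classRef="https://idp.example.org/acr/high-assurance" />
            <!-- The same abstract level offered to SAML relying parties,
                 in place of the technology-specific SAML X509 class. -->
            <bean parent="shibboleth.SAML2AuthnContextClassRef"
                c:classRef="https://idp.example.org/acr/high-assurance" />
        </list>
    </property>
</bean>
```

A relying party that requests this acr value is then satisfied only by a flow that lists it among its supported principals; the flow must also be enabled in `idp.authn.flows`.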

