Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-847 Step-up Authentication
  3. KEYCLOAK-19913

Ability for client to specify default level for LoA

    XMLWordPrintable

Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Obsolete
    • 17.0.0
    • None
    • None
    • None
    • NEW
    • NEW

    Description

      We may want the ability for the client to specify default LoA level. That can work like:

      • Client will have configuration option like "Minimum LoA level" . This will refer to the LoA value, which we want to achieve for the particular client
      • If "acr_values" parameter is not used, the LoA specified by "Minimum LoA level" for that client would be used
      • If "acr_values" or "claims" parameter is used to request lower level than "Minimum LoA level", the authentication should use the "Minimum LoA level" instead of the lower level. In other words, the parameters don't have a way to "downgrade" the level, which is specified by "Minimum LoA level"

      Attachments

        Activity

          People

            Unassigned Unassigned
            mposolda@redhat.com Marek Posolda
            Votes:
            2 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: