Configuring Trust Levels (Class)

The Trust Levels class allows you to specify an authentication level or rank for class types that do not appear on the Defaults page and for which you have not defined a contract. The level is used to rank the requested type. Using the authentication level and the comparison context, Identity Server can determine whether any contracts meet the requirements of the request. If one or more contracts match the request, the user is presented with the appropriate authentication prompts. For more information and other configuration options, see Section 6.1.5, Specifying Authentication Defaults and Specifying Authentication Types.

  1. On the Home page, click Identity Servers > [cluster name] > Authentication > Classes > Plus icon.

  2. Under General, select Trust Levels. Click Plus icon.

  3. Specify the following details:

    | Field | Description |
    |---|---|
    | Property Name | The name of the property. For example, SetClassTrustLevels. |
    | Property Value | The value of the property. For example, True. |

  4. For each class type for which you want to set a level, create a property for that class.

    1. Set the Property Name to the name of the class. For example, use one of the following:

      urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession
      urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol

      For additional values, see the SAML2 Authentication Context Specifications.

    2. Set the Property Value to the security level or rank you want for the class. A level of 2 is higher than a level of 1.

  5. Click Save, then update the Identity Server.
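
The following added example (not Identity Server code and not from the product documentation) models how a trust level assigned in step 4 ranks a requested class and how the SAML 2.0 comparison context then selects contracts. The contract names, the levels, and the assumption that each contract carries a numeric level are constructed for illustration, and the comparison logic is a simplified reading of the SAML `exact`, `minimum`, `maximum` and `better` values.

```python
# Illustrative model only: this is not how Identity Server is implemented.
from dataclasses import dataclass

# Class properties as they would be entered in step 4.
# The numeric levels are constructed sample values.
TRUST_LEVELS = {
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession": 1,
    "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol": 2,
}

@dataclass(frozen=True)
class Contract:
    name: str   # hypothetical contract name
    level: int  # assumed numeric authentication level of the contract

# Constructed sample contracts.
CONTRACTS = [
    Contract("name-password-form", 1),
    Contract("secure-form", 2),
    Contract("x509", 3),
]

# Comparison values defined for RequestedAuthnContext in SAML 2.0,
# reduced here to a comparison of contract level (c) and requested level (r).
COMPARATORS = {
    "exact": lambda c, r: c == r,
    "minimum": lambda c, r: c >= r,
    "maximum": lambda c, r: c <= r,
    "better": lambda c, r: c > r,
}

def matching_contracts(requested_class, comparison="exact",
                       trust_levels=TRUST_LEVELS, contracts=CONTRACTS):
    """Return the names of contracts whose level satisfies the request."""
    if comparison not in COMPARATORS:
        raise ValueError(f"unknown comparison context: {comparison!r}")
    requested_level = trust_levels.get(requested_class)
    if requested_level is None:
        # The class has no trust level, so it cannot be ranked: match nothing.
        return []
    satisfies = COMPARATORS[comparison]
    return [c.name for c in contracts if satisfies(c.level, requested_level)]

if __name__ == "__main__":
    ip = "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"
    for mode in COMPARATORS:
        print(mode, matching_contracts(ip, mode))
```

Working through a table like this before saving helps confirm that a low level on a weak class such as PreviousSession cannot satisfy a request that should require a stronger contract.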