The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.

AuthenticationMethodConfiguration

Owned by Rod Widdowson
Last updated: Feb 03, 2020 by Scott Cantor

This plugin is deprecated and will be removed in V4.0 due to the inability to accurately represent authentication in the IdP as a single string value. It may be replaced with scripting to interrogate the full authentication state of the subject.

Overview

The deprecated AuthenticationMethod (basic:AuthenticationMethodString prior to V3.2) is a PolicyRule which returns true if the authentication method used to authenticate the user matches the supplied string.

Schema Name

The deprecated AuthenticationMethod type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated basic:AuthenticationMethodString type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd

Attributes

Two attributes may be specified:

  • value : a required attributes which specifies the string to match against
  • ignoreCase : an optional attribute (default false) which specifies whether the case is to be ignored.

Child Elements

None

Example

<PolicyRequirementRule xsi:type="AuthenticationMethod" value="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
Apply this rule if the user logged in via the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport mechanism.