This plugin is deprecated and will be removed in V4.0 due to the inability to accurately represent authentication in the IdP as a single string value. It may be replaced with scripting to interrogate the full authentication state of the subject.

Overview

The deprecated AuthenticationMethod (basic:AuthenticationMethodString prior to V3.2) is a PolicyRule which returns true if the authentication method used to authenticate the user matches the supplied string.

Schema Name

The deprecated AuthenticationMethod type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated basic:AuthenticationMethodString type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd

Attributes

Two attributes may be specified:

value : a required attributes which specifies the string to match against
ignoreCase : an optional attribute (default false) which specifies whether the case is to be ignored.

Child Elements

None

Example

<PolicyRequirementRule xsi:type="AuthenticationMethod" value="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />

Apply this rule if the user logged in via the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport mechanism.

Browser not supported