libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
keycloak-scim/docs/documentation/server_admin/topics/login-settings/acr-to-loa-mapping.adoc
Stan Silvert a1445cd93f
Minor doc fix. (#30899) 
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
2024-06-27 16:18:32 -04:00

11 lines
944 B
Text
Raw Blame History

[[_mapping-acr-to-loa-realm]]
== ACR to Level of Authentication (LoA) Mapping
In the general settings of a realm, you can define which `Authentication Context Class Reference (ACR)` value is mapped to which `Level of Authentication (LoA)`. The ACR can be any value, whereas the LoA must be numeric.
The acr claim can be requested in the `claims` or `acr_values` parameter sent in the OIDC request and it is also included in the access token and ID token. The mapped number is used in the authentication flow conditions.
Mapping can be also specified at the client level in case that particular client needs to use different values than realm. However, a best practice is to stick to realm mappings.
image:images/realm-oidc-map-acr-to-loa.png[alt="ACR to LoA mapping"]
For further details see <<_step-up-flow,Step-up Authentication>> and https://openid.net/specs/openid-connect-core-1_0.html#acrSemantics[the official OIDC specification].
Reference in a new issue View git blame Copy permalink