KOBIL Condition - ACR Selection
Overview
This execution contains the following main steps:
- This execution requires the expected Step-up ACR value, the current ACR value from the session, and the respective execution ACR value set in the configuration.
- This Conditional execution will allow the next step to proceed only if both the expected step-up ACR value and the respective execution ACR value are greater than the user's current ACR value.
Type
| Protocol | OpenID Connect 1.0 |
|---|---|
| HTTP method | GET |
| Type | Browser Flow |
| Endpoint | Authorization Endpoint |
| Flow Supported | Authorization code flow Implicit flow Hybrid flow |
| Response | ID Token, Access Token, Refresh Token |
| Response Mode | query, form_post, fragment |
How to configure
To configure the authenticator, follow these steps
- Select the
Settingsbutton - Click
Config.
Choose the actions you want to proceed with and enter the necessary configuration data. By following these steps, you will be able to successfully configure the authenticator.
Configuration
Parameters involved in KOBIL Condition - ACR Selection execution
| Parameter | Description |
|---|---|
| Alias | Name for the overall configured configurations which occurs in particular authenticator. (Example: ACR 1) |
| Authenticator Reference | A custom name for the authenticator that populates the AMR claim in tokens after successful authentication. |
| Authenticator Reference Max Age | Specifies the maximum age (in seconds) of the last successful authentication for this authenticator, after which the system requires re-authentication. |
| Respective ACR value | ACR value of the device should be greater or equal to the configured value in Respective ACR value configuration. |
User Flow
This execution contains the following main steps:
- KOBIL Condition - ACR selection must fall under the conditional flow and be followed by password, email, and phone authenticators (For instance: KOBIL Username Password), as it retrieves the expected step-up ACR value and current ACR value from the session via the KOBIL Configure ACR authenticator.
- This execution will be used only for the Step-Up flow.
- Refer ACR value.