[DOCS] Add RequestedAuthnContext Documentation #32946
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Docs for elastic#31238 - Adds documentation for the req_authn_context_class_ref setting - Adds a section in SAML Guide regarding the use of SAML Authentication Context.
jkakavas
added
>docs
Collaborator
|
Pinging @elastic/es-security |
tvernum
reviewed
Aug 20, 2018
| in the Authentication Request. The IdP attempts to grant these restrictions, | ||
| and either returns an indication of which it satisfied in the Authentication | ||
| Statement of the SAML Response if it can, or it fails to authenticate the | ||
| user if it can't adhere to the restrictions. |
Contributor
There was a problem hiding this comment.
I think this will read better if it's more of a "if-scenario-A, then action-B ..." rather than "Either action-B if scenario-A, or ..."
For example
attempts to grant these restrictions,
and if it cannot adhere to the restrictions, then it fails the authentication attempt.
If the user is successfully authenticated, then the Authentication Statement of the
SAML Response will return an indication of the restrictions that were satisfied.
| the Authentication Context Class Reference that is part of the | ||
| Authentication Statement of the SAML Assertion is examined. If it matches | ||
| one of the requested values, the authentication is considered successful, | ||
| otherwise failed. |
Contributor
There was a problem hiding this comment.
Maybe
otherwise, the authentication attempt fails.
?
| A comma separated list of Authentication Context Class Reference values to be | ||
| included in the Requested Authentication Context when requesting the IdP to | ||
| authenticate the current user. The Authentication Context of the corresponding | ||
| authentication response should contain at least one of the requested values. |
Contributor
There was a problem hiding this comment.
Does this need a link to the more complete explanation?
It doesn't make sense on its own unless you're a hard-core SAML expert.
lcawl
approved these changes
Aug 21, 2018
Contributor
lcawl
left a comment
lcawl
left a comment
There was a problem hiding this comment.
I've made some edits, now it LGTM
tvernum
approved these changes
Aug 22, 2018
jkakavas
added a commit
that referenced
this pull request
Aug 22, 2018
Add documentation for #31238 - Add documentation for the req_authn_context_class_ref setting - Add a section in SAML Guide regarding the use of SAML Authentication Context.
jkakavas
added a commit
that referenced
this pull request
Aug 22, 2018
Add documentation for #31238 - Add documentation for the req_authn_context_class_ref setting - Add a section in SAML Guide regarding the use of SAML Authentication Context.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Docs for #31238
Authentication Context.