What Level Is Audited When Mapping IdP Authentication Method to OAM SP Authentication Levels? (Doc ID 2066282.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Identity Federation - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Goal

Oracle Access Management (OAM) 11.1.2.x has been configured as a Service Provider (SP) with a remote Identity Provider (IdP).

OAM as SP has been configured to create sessions after IdP login based on the AuthnContext class reference specified in the Assertion received from the IdP.
Reference: How To Set The OAM SP Session Level Depending On IdP Authentication Method (Doc ID 2054099.1)

In some federated SSO logins, OAM creates a session at, e.g., Level 3 based on the Assertion's AuthnContext class reference, but the target resource after login is protected by a lower-level authentication scheme, e.g., Level 2.

In such cases, will OAM auditing record the AuthnContext-mapped authentication level or the level of the protected resource?


Solution
