Authentication strength level with external authentication interface

Authentication strength policy (step-up authentication) is supported for external authentication interface authentication.

[authentication-levels]
level = ext-auth-interface

See Authentication strength policy (step-up).

You can associate an authentication strength level with an authentication performed by an external authentication interface module. An optional HTTP header can be returned by the external authentication interface module to specify this authentication level.

This header is configured in the same manner as other special external authentication interface headers (see HTTP header names for authentication data).

For example:

[eai]
eai-auth-level-header = am-eai-auth-level

The authentication strength level value becomes an attribute of the identity structure and the resulting credential. The authentication strength level attribute allows you to implement step-up authentication functionality by operating multiple external authentication interface authentication modules on a single external authentication interface server. Each module can process a different authentication method.

If the authentication strength level does not exist or contains an empty value, the default mechanisms for assigning an authentication level are used.
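The following is an added example, not code from the product documentation: a Python WSGI application that hosts two authentication modules on one external authentication interface server, where only the stronger module returns the authentication level header. The am-eai-user-id header name, the module paths, the sample credentials and the level number are assumptions made for illustration.

```python
import hmac
from urllib.parse import parse_qs

USER_HEADER = "am-eai-user-id"      # assumed value of eai-user-id-header
LEVEL_HEADER = "am-eai-auth-level"  # eai-auth-level-header value shown above

# Constructed sample data: one user with a password and a one-time code.
SECRETS = {"/eai/password": {"alice": "correct horse"},
           "/eai/otp": {"alice": "492871"}}
# Hypothetical module-to-level mapping. A module mapped to None sends no
# level header, so the default level assignment applies to that login.
MODULE_LEVELS = {"/eai/password": None, "/eai/otp": 2}

def eai_headers(path, user, secret):
    """Return EAI response headers for a verified login, else an empty list."""
    expected = SECRETS.get(path, {}).get(user)
    if expected is None or not hmac.compare_digest(expected.encode(),
                                                   secret.encode()):
        return []  # failed login: emit no identity or level headers
    headers = [(USER_HEADER, user)]
    level = MODULE_LEVELS.get(path)
    if level is not None:
        headers.append((LEVEL_HEADER, str(level)))
    return headers

def app(environ, start_response):
    """WSGI entry point: both modules are served by the same EAI server."""
    size = int(environ.get("CONTENT_LENGTH") or 0)
    form = parse_qs(environ["wsgi.input"].read(size).decode())
    headers = eai_headers(environ.get("PATH_INFO", ""),
                          form.get("user", [""])[0],
                          form.get("secret", [""])[0])
    status = "200 OK" if headers else "403 Forbidden"
    start_response(status, [("Content-Type", "text/plain")] + headers)
    return [b"authenticated\n" if headers else b"login failed\n"]
```

The level is set only on the code path that has already verified the stronger credential, so a failed or weaker login can never carry the higher level.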

You must modify the standard WebSEAL login pages appropriately if you enable step-up authentication with external authentication interface authentication. See Login page and macro support with external authentication interface.