If you refer to setting the AuthnContext, I believe that should
already be supported by setting the 'AuthnContextClassRef' option.

> The IdP, upon receiving the Authentication Request and authenticating
> the user, will also add the LoA of the authentication mechanism to the
> AuthnContextClassRef element of the response.

This is currently possible with the change in r2656.

> The LoA of each
> authentication mechanism can be added/edited at the respective entry
> inside the authsources.php.

Not supported, and I don't think this is the right place to add it.
Instead, I think you need a specific authentication source that can
check the authentication context the SP requires and select the
next authsource based on that. Then it could also add the
authentication context to the response.

> With that said, I need to add this feature both at the SP and IdP.
> Could anyone please tell me the right source files that I need to look
> at? Any idea or suggestion will be highly appreciated.

A lot of changes are necessary, including some changes to the Session
class in order to detect that the current level of assurance is lower
than the one the SP requests.

You will also need to add some code to modules/saml/lib/IdP/SAML2.php,
so that it can extract the requested authentication context from the
authentication request.

Regards,
Olav Morken
UNINETT / Feide
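
The flow described in the reply above (extract the requested authentication context from the AuthnRequest, check whether the current level satisfies it, and pick an authsource accordingly), sketched as an added example that is not part of the original message and not SimpleSAMLphp code. The ranking of class references, the authsource names and the sample request are assumptions constructed for illustration; only the "exact" and "minimum" comparisons are handled, and everything else fails closed.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
# Assumed IdP policy: class ref -> (rank, hypothetical authsource name).
LOA = {AC + "Password": (1, "ldap-password"),
       AC + "PasswordProtectedTransport": (2, "ldap-tls"),
       AC + "TimeSyncToken": (3, "otp-token")}

# Constructed AuthnRequest, not captured from a real SP.
SAMPLE_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{NS['samlp']}"
    xmlns:saml="{NS['saml']}" ID="_constructed1" Version="2.0"
    IssueInstant="2011-01-01T00:00:00Z">
  <saml:Issuer>https://sp.example.org/metadata</saml:Issuer>
  <samlp:RequestedAuthnContext Comparison="minimum">
    <saml:AuthnContextClassRef>{AC}PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

def requested_context(xml_text):
    """Return (comparison, [class refs]) requested by the SP."""
    if "<!DOCTYPE" in xml_text:  # SAML messages never need a DTD
        raise ValueError("DTD not allowed")
    rac = ET.fromstring(xml_text).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return "exact", []
    refs = [e.text.strip()
            for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    return rac.get("Comparison", "exact"), refs

def satisfies(comparison, requested, current):
    """True if the session's class ref meets the request; fails closed."""
    if not requested:
        return True
    if comparison == "exact":
        return current in requested
    ranks = [LOA[r][0] for r in requested if r in LOA]
    if comparison != "minimum" or not ranks or current not in LOA:
        return False  # 'better'/'maximum' and unknown refs are rejected here
    return LOA[current][0] >= min(ranks)

def select_authsource(comparison, requested):
    """Weakest configured authsource that meets the request, or None."""
    ok = [(rank, src) for ref, (rank, src) in LOA.items()
          if satisfies(comparison, requested, ref)]
    return min(ok)[1] if ok else None
```

When `satisfies` returns False for the class reference stored with the current session, the user has to be sent through the authsource returned by `select_authsource` before a response is issued.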