5.12.5 Defining Options for WS Federation Service Provider

You can use Access Manager as an identity provider for several service providers. You can configure a specific authentication contract that is required for a service provider. If you have configured more than one authentication contract for a service provider, the contract with the minimum level is selected.

When providing authentication to a service provider, Identity Server ensures that the user is authenticated by the required contract. When a user is not authenticated, or is authenticated but the authenticated contracts do not satisfy the required contracts, the user is prompted to authenticate with the required contract. This is called step-up authentication.

If no required contract is configured, then the default contract is executed.

Perform the following steps to define options for a WS Federation service provider:

  1. Click Devices > Identity Servers > Servers > Edit > WS Federation > Service Provider > Options.

  2. Select the required step-up authentication contracts from Available contracts and move them to the Selected contracts list. This enables step-up authentication for the service provider.

    NOTE: Only the contract that is configured first in Selected contracts will be executed.

    Only local authentication contracts can be used for a WS Federation service provider.

  3. Click OK > Apply.