[mitreid-connect] support for acr in id_token

Naveen Jamal nj at tyfone.com
Tue Mar 10 08:02:53 EDT 2015


Hi all,

  I'm trying to extend the OpenID Connect server to support returning an
acr value in the id_token based on how the user authenticated
(username/password, OTP, soft token, hard token, ...).

  I've been able to display a custom login form that accepts the necessary
extra text fields (along with username and password) based on the
acr_values passed to the authorize endpoint, and can also validate the
extra user input to decide which acr was achieved.

  I'm having trouble figuring out how to get the acr (as inferred by the
login submission) returned via the token endpoint. I see that I'll have to add
acr to the idClaims object in DefaultOIDCTokenService.java to get it
returned as part of the id_token, but can't figure out how to make the acr
value inferred at login form submission accessible at the
DefaultOIDCTokenService. Seems like it needs to be part of what is stored in
the authentication longblob field in the authorization_code table?

  Any suggestions on how I should go about this?

  Thanks in advance,

-naveen
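As an added illustration (not code from the post above and not part of the MITREid Connect project), here is one way to plumb the acr decided at login through to the token service: attach a Serializable details object to the Spring Security Authentication at login, let the authorization-code store serialise it along with the rest of the OAuth2Authentication (the longblob the post mentions), and read it back when the id_token claims are assembled. `AcrClaimExample`, `AcrAuthenticationDetails`, `authenticatedWithAcr` and `addAcrClaim` are hypothetical names; the Nimbus `JWTClaimsSet.Builder` API is assumed (older Nimbus releases use a mutable `JWTClaimsSet` with `setClaim` instead).

```java
// Added example, not from the original post or from MITREid Connect.
// Assumed/hypothetical names: AcrClaimExample, AcrAuthenticationDetails,
// authenticatedWithAcr, addAcrClaim. Assumes the code store serialises the
// whole OAuth2Authentication (including Authentication.getDetails()).
import java.io.Serializable;
import java.util.Collection;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.OAuth2Authentication;

import com.nimbusds.jwt.JWTClaimsSet;

public final class AcrClaimExample {

    /**
     * Details object attached to the user Authentication at login time.
     * It must be Serializable so it survives the round trip through the
     * authorization_code store and is still present at the token endpoint.
     */
    public static final class AcrAuthenticationDetails implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String acr;

        public AcrAuthenticationDetails(String acr) {
            this.acr = acr;
        }

        public String getAcr() {
            return acr;
        }
    }

    /**
     * Login side: called after the custom login form has been validated.
     * achievedAcr is the level the server actually verified, never the
     * acr_values the client asked for; a request is not a proof.
     */
    public static Authentication authenticatedWithAcr(
            String username,
            Collection<? extends GrantedAuthority> authorities,
            String achievedAcr) {
        UsernamePasswordAuthenticationToken auth =
                new UsernamePasswordAuthenticationToken(username, null, authorities);
        // setDetails() is Spring Security's standard hook for per-login metadata.
        auth.setDetails(new AcrAuthenticationDetails(achievedAcr));
        return auth;
    }

    /**
     * Token side: to be called from wherever the id_token claims are built
     * (for instance a DefaultOIDCTokenService subclass). Reads the details
     * back out of the stored OAuth2Authentication and adds "acr". If no acr
     * was recorded the claims are returned unchanged; the claim is never
     * defaulted to a stronger value than what was actually achieved.
     */
    public static JWTClaimsSet.Builder addAcrClaim(
            JWTClaimsSet.Builder idClaims, OAuth2Authentication oauth2Auth) {
        Authentication userAuth = oauth2Auth.getUserAuthentication();
        if (userAuth != null
                && userAuth.getDetails() instanceof AcrAuthenticationDetails) {
            String acr = ((AcrAuthenticationDetails) userAuth.getDetails()).getAcr();
            if (acr != null && !acr.isEmpty()) {
                idClaims.claim("acr", acr);
            }
        }
        return idClaims;
    }
}
```

One check worth doing before relying on this: confirm that the authorization-code service in use actually serialises the complete Authentication object (details included) rather than a reduced set of fields, otherwise the acr is silently lost between the login and the token endpoint and the id_token is issued without it.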