Hello.

I would like to ask you for advice. Our WSO2 IS IDP trusts a federated IDP. The SAML Assertion from the FedIDP also contains an assertion attribute QAALevel. When it is equal to 4, the user is authenticated by smart card. When it is =1, the user is authenticated using social networks. We need to allow login to our IDP only for users with QAALevel=4. How can we achieve this?

I found an article about programming our own authentication module (http://blog.facilelogin.com/2016/02/enforce-password-reset-for-expired.html). But is this the only possible solution? Can we not use, for example, the claim attribute "Regular Expression"? I tried this by defining a new local Claim "QAALevel" with regex pattern "4", but without success.

Can you suggest any other possible solutions?

Thank you for your answers.

Roman
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
