0 Replies Latest reply on Aug 23, 2006 10:35 AM by Matthias Falkenberg

    Authentication-strength to secure resources?

    Matthias Falkenberg Newbie

      Hello,

      I have been searching information about the possibility to use the information about the authentication method a client has used to authenticate against the server... to use this information for a decision about the redirect to e.g. a Portlet Page.

      Example:
      There is a Portlet instance within a Portal Page that is accessed by the user that requires at least a client-certificate. But when the user has been challenged for authentication before, he was logged in using form-based authentication.
      Now the user should be challenged again, due to the fact of his low authentication strength.
      ===

      Is there any possibility to set (and read at runtime) a required auth-strength for Portal resources? I could not find such a thing in the documentation but I know that it exists e.g. in the Apache WebServer.
      Furthermore, is there maybe an extension to handle the described scenario?

      Many thanks for any contribution!!