Hello,

I have been searching information about the possibility to use the information about the authentication method a client has used to authenticate against the server... to use this information for a decision about the redirect to e.g. a Portlet Page.

Example:
There is a Portlet instance within a Portal Page that is accessed by the user that requires at least a client-certificate. But when the user has been challenged for authentication before, he was logged in using form-based authentication.
Now the user should be challenged again, due to the fact of his low authentication strength.
===

Is there any possibility to set (and read at runtime) a required auth-strength for Portal resources? I could not find such a thing in the documentation but I know that it exists e.g. in the Apache WebServer.
Furthermore, is there maybe an extension to handle the described scenario?

Many thanks for any contribution!!