Hello community,
We already use 'OAuth 2.0/OpenID Connect' to log in to our OIM-Backend-Tools (Manager, Designer, ...).
Now we want to make Strong Authentication mandatory (YubiKey+PIN) and prevent login with username+password.
For this we have to extend the OpenID request with the parameter acr_values.
The request string required by the provider:
<AMBaseURL>/oauth2/<realmPath>/authorize?client_id=<client-id>&state=<app-state>&scope=openid%20profile&redirect_uri=<redirect-uri>&response_type=code&nonce=<nonce>&acr_values=<acr-value>
Let's split the request string:
| OI Setting | Parameter in request |
| --- | --- |
| Login Endpoint (screenshot) | <AMBaseURL>/oauth2/<realmPath>/authorize |
| Client ID (screenshot) | client_id=<client-id> |
| Value okay: set dynamically | state=<app-state> |
| Scope (screenshot) | scope=openid%20profile |
| Redirect URI (screenshot) | redirect_uri=<redirect-uri> |
| Value okay | response_type=code |
| Value okay: set dynamically | nonce=<nonce> |
| missing value | acr_values=<acr-value> |
Question:
We can successfully send all the requested values with the string, but not the acr_values. Where can I enter this additional value in the OI settings?
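An added example, not part of the original post and not One Identity Manager code: it assembles the authorize request in the layout quoted above, reports which of its parameters a given request URL lacks, and checks the `acr` claim of the returned ID token, since OpenID Connect treats `acr_values` as a voluntary request and sending it does not by itself guarantee the stronger login. All function names and sample values are assumptions constructed for illustration.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs, quote

# Parameters that appear in the provider's request string quoted in the post.
REQUIRED = ("client_id", "state", "scope", "redirect_uri",
            "response_type", "nonce", "acr_values")


def build_authorize_url(am_base_url, realm_path, client_id, redirect_uri, acr_value):
    """Assemble the authorize request in the layout the provider asks for."""
    params = {
        "client_id": client_id,
        "state": secrets.token_urlsafe(16),   # set dynamically per request
        "scope": "openid profile",
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "nonce": secrets.token_urlsafe(16),   # set dynamically per request
        "acr_values": acr_value,
    }
    endpoint = f"{am_base_url.rstrip('/')}/oauth2/{realm_path.strip('/')}/authorize"
    # quote_via=quote encodes the space in scope as %20, as in the quoted string.
    return endpoint + "?" + urlencode(params, quote_via=quote)


def missing_parameters(url):
    """Return the required parameters that are absent or empty in a request URL."""
    query = parse_qs(urlsplit(url).query)
    return [name for name in REQUIRED if not query.get(name, [""])[0]]


def acr_satisfied(id_token_claims, requested_acr_values):
    """True only if the ID token's acr claim is one of the requested values.

    Call this after the token's signature, issuer, audience and nonce
    have been verified; it takes the already-decoded claims as a dict.
    """
    return id_token_claims.get("acr") in requested_acr_values.split()


# Constructed sample values, not taken from any real deployment.
SAMPLE_URL = build_authorize_url("https://am.example.com/am", "realms/root",
                                 "oim-manager", "https://oim.example.com/callback",
                                 "strong-auth")

if __name__ == "__main__":
    print(SAMPLE_URL)
    print("missing:", missing_parameters(SAMPLE_URL.split("&acr_values=")[0]))
```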