Using 'acr' claim for multi-factor authentication in RH-SSO

Solution Unverified - Updated -

Issue

  • I have implemented a custom 2FA via Service-Provider-Interface. The claim amr in the Access Token looks like amr: { 'pwd', otp' }, which is fine. But I can't set the value of the claim acr (with for example a value of 2). How can I set my own value to claim acr in the Access Token?
  • Does Keycloak/RH-SSO allow using the acr claim to actually support scenarios like multi-factor authentication, or step-up authentication?
  • What is the level of support for acr in Keycloak/RH-SSO?

Environment

  • Red Hat Single Sign-On (RH-SSO)
    • 7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content