Set the authentication context

At the Genero Application Server level, you can specify how the Identity Provider must authenticate a user who wants to access a Genero Web application via a browser.

See the SAML core specification for the list of supported URNs. There are several methods (password protected, X509 certificate, PGP) but not all work for Web-based Single Sign On.
Note: For most Web Single Sign On, the default authentication method is password protected.
SAML provides a mechanism that allows a service provider (Genero Application Server) to define how a user must be authenticated by the Identity Provider (IdP). The Genero Application Server supports an optional tag (AUTHCONTEXT) that allows you to specify which authentication method to use.
If the tag is not set, the default mechanism set in the IdP is used.
Important: Do not specify this tag unless you require a specific authentication method.
Add an AUTHCONTEXT tag as a child of the SAML DELEGATE element in the application configuration (xcf) file. Enter a valid authentication method in the AUTHCONTEXT tag.
<?xml version="1.0"?>
<APPLICATION Parent="defaultgwc"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="http://www.4js.com/ns/gas/2.50/cfextwa.xsd">
  <EXECUTION>
    <PATH>$(res.path.qa)/applications/myapp</PATH>
    <MODULE>App.42r</MODULE>
    <DELEGATE service="services/SAMLServiceProvider">
      <AUTHCONTEXT>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</AUTHCONTEXT>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>
The authentication method is defined. If the IdP does not support the specified method, or if it uses another mechanism, the Genero Application Server will return an access denied page.
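Because a mistyped URN ends in the access denied page for every user, it helps to check the xcf file before deploying it. The following is an added example, not Genero code: `check_authcontext` and the sample documents are hypothetical, and the check assumes that only the class URNs of the SAML 2.0 Authentication Context specification are valid and that they are compared case-sensitively.

```python
import xml.etree.ElementTree as ET

AC_PREFIX = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
# Class names from the SAML 2.0 Authentication Context specification.
KNOWN_CLASSES = {
    "InternetProtocol", "InternetProtocolPassword", "Kerberos",
    "MobileOneFactorUnregistered", "MobileTwoFactorUnregistered",
    "MobileOneFactorContract", "MobileTwoFactorContract", "Password",
    "PasswordProtectedTransport", "PreviousSession", "X509", "PGP", "SPKI",
    "XMLDSig", "Smartcard", "SmartcardPKI", "SoftwarePKI", "Telephony",
    "NomadTelephony", "PersonalTelephony", "AuthenticatedTelephony",
    "SecureRemotePassword", "TLSClient", "TimeSyncToken", "unspecified",
}

def check_authcontext(xcf_text):
    """Return findings for the AUTHCONTEXT setting of one xcf document."""
    root = ET.fromstring(xcf_text)
    findings = []
    # The page puts AUTHCONTEXT directly under DELEGATE; collect those first.
    placed = [ac for d in root.iter("DELEGATE") for ac in d.findall("AUTHCONTEXT")]
    for ac in root.iter("AUTHCONTEXT"):
        if not any(ac is p for p in placed):
            findings.append("AUTHCONTEXT is not a child of DELEGATE")
    for ac in placed:
        urn = (ac.text or "").strip()
        if not urn:
            findings.append("AUTHCONTEXT is empty")
        elif not urn.startswith(AC_PREFIX) or urn[len(AC_PREFIX):] not in KNOWN_CLASSES:
            findings.append("not a SAML 2.0 class URN: " + urn)
    return findings

# Constructed samples: the page's configuration, a mistyped URN, and no tag.
TEMPLATE = """<?xml version="1.0"?>
<APPLICATION Parent="defaultgwc">
  <EXECUTION>
    <PATH>$(res.path.qa)/applications/myapp</PATH>
    <MODULE>App.42r</MODULE>
    <DELEGATE service="services/SAMLServiceProvider">{body}</DELEGATE>
  </EXECUTION>
</APPLICATION>"""
GOOD = TEMPLATE.format(body="<AUTHCONTEXT>" + AC_PREFIX + "X509</AUTHCONTEXT>")
TYPO = TEMPLATE.format(body="<AUTHCONTEXT>" + AC_PREFIX + "x509</AUTHCONTEXT>")
UNSET = TEMPLATE.format(body="")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("TYPO", TYPO), ("UNSET", UNSET)):
        print(name, check_authcontext(doc) or "ok")
```

A configuration without the tag produces no findings, which matches the case where the default mechanism set in the IdP is used.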