Document new authnLevel options for issuer services (#2124)

5 years ago · 953e39817d
parent cb43b27904
commit 953e39817d
5 changed files with 17 additions and 2 deletions
--- a/doc/pages/manager-api/index.html
+++ b/doc/pages/manager-api/index.html
@ -868,6 +868,9 @@
    "allowOffline" : {
      "type" : "boolean"
    },
+    "authnLevel" : {
+      "type" : "integer"
+    },
    "rule" : {
      "type" : "string"
    },
@ -1057,6 +1060,9 @@
      "type" : "integer",
      "default" : 72000
    },
+    "authnLevel" : {
+      "type" : "integer"
+    },
    "rule" : {
      "type" : "string"
    },
--- a/doc/sources/admin/idpcas.rst
+++ b/doc/sources/admin/idpcas.rst
@ -109,6 +109,8 @@ Options
   application.
 -  **User attribute** : session field that will be used as main
   identifier.
+-  **Authentication Level** : required authentication level to access this
+   application
 -  **Rule** : The access control rule to enforce on this application. If
   left blank, access will be allowed for everyone.

--- a/doc/sources/admin/idpopenidconnect.rst
+++ b/doc/sources/admin/idpopenidconnect.rst
@ -268,7 +268,8 @@ Options
      https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
      for details. These offline sessions can be administered through
      the Session Browser.
-   - **Allow OAuth2.0 Password Grant** (since version ``2.0.8``) Allow the use of the Resource Owner Password Credentials Grant on by this client. This feature only works if you have configured a form-based authentication module.
+   - **Allow OAuth2.0 Password Grant** (since version ``2.0.8``): Allow the use of the Resource Owner Password Credentials Grant on by this client. This feature only works if you have configured a form-based authentication module.
+   - **Authentication Level**: required authentication level to access this application
   - **Access Rule**: lets you specify a :doc:`Perl rule<rules_examples>` to restrict access to this client

 - **Logout**
--- a/doc/sources/admin/idpsaml.rst
+++ b/doc/sources/admin/idpsaml.rst
@ -162,10 +162,12 @@ These options override service signature options (see
 Security
 ''''''''

-  **Encryption mode**: set the encryption mode for this IDP (None,
+-  **Encryption mode**: set the encryption mode for this SP (None,
   NameID or Assertion).
 -  **Enable use of IDP initiated URL**: set to ``On`` to enable IDP
   Initiated URL on this SP.
+-  **Authentication Level**: required authentication level to access this SP
+-  **Access Rule**: lets you specify a :doc:`Perl rule<rules_examples>` to restrict access to this SP


 .. tip::
--- a/doc/sources/manager-api/openapi-spec.yaml
+++ b/doc/sources/manager-api/openapi-spec.yaml
@ -1098,6 +1098,8 @@ components:
        notOnOrAfterTimeout:
          type: integer
          default: 72000
+        authnLevel:
+          type: integer
        rule:
          type: string
        forceUTF8:
@ -1181,6 +1183,8 @@ components:
          type: string
        allowOffline:
          type: boolean
+        authnLevel:
+          type: integer
        rule:
          type: string
        IDTokenSignAlg: