Stepping up authentication at higher levels

Stepping up authentication at higher levels

We can configure WebSEAL to accept authentication mechanisms configured at a higher level than the level specified in the POP. With this configuration, the user can authenticate directly at the higher level.
To accept higher authentication levels during step-up operations, we must set the value of the step-up-at-higher-level stanza entry to "yes".
[step-up] step-up-at-higher-level = yes

To disallow higher authentication levels during step-up operations, set the value of the step-up-at-higher-level stanza entry to "no".
[step-up] step-up-at-higher-level = no

Default is "no" if we do not configure this configuration entry. That is, by default WebSEAL does not accept higher authentication levels.
Parent topic: Authentication strength policy (step-up)