By: John Lister user 19 Jun 2024 at 1:55 p.m. CDT

3 Responses
John Lister gravatar
I was wondering if it was possible to choose the authentication method. For example consider that I want to offer social/federated signon, username+password and webAuthn as options. It there an option to show a page where the user chooses what method they would like to use and therefore the ACR. I assume I can use an authenication script, but this would seem to require placing all the different methods inline within the same script - I can't see a way to chain different authenication scripts together?

By Mohib Zico staff 19 Jun 2024 at 2:16 p.m. CDT

Mohib Zico gravatar
Hello, Yes, it's possible. You have to combine all scripts together and run that new script as new ACR. As for example, here in this example... we combined passport-social + Duo. https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/duo.passport.combine BTW, Gluu4 is behind paywall now so you should use [Janssen](https://github.com/JanssenProject/jans/discussions) if you want to get free community support. Thanks!

By Michael Schwartz Account Admin 19 Jun 2024 at 2:20 p.m. CDT

Michael Schwartz gravatar
Great question! Business first... we contributed Gluu to Linux Foundation in 2020. The open source now lives at the "Janssen Project": * [Janssen Project Home](https://jans.io) * [Jans Docs](https://docs.jans.io) * [Community Suypport](https://jans.io/discussions) To answer your question... In your OpenID Authn request, make sure your client specifies the `acv_values` param as `casa` . This will invoke the Universal Prompt. See the [Jans Casa docs](https://docs.jans.io/v1.1.2/casa/). Casa is also a portal for end users to manage their creds.

By John Lister user 24 Jun 2024 at 2:16 a.m. CDT

John Lister gravatar
Thanks for the answers, not realised gluu O/S had transitioned to Janssen, will investigate. For my use-case thinking generic aCR for choice page and then do a redirect back with the chosen ACR value. We need the ability to receive values from clients so want to avoid implementing multiple interception scripts