Tuesday, 26 May 2015

Step up authentication Use Case.

It is all about the trust level (or authentication level) of the authentication scheme used by the authN policies of an application domain.

Consider the following use case:

You have two web resources, sampleApp/** and /bootstrap/**, to protect within the same application domain, stepUpProtectedApp. You want sampleApp/** to be protected with a higher level of authentication than /bootstrap/**, either by asking for a higher kind of credentials (like secret questions etc.) or just by re-authentication.

Solution

If a resource is protected by an authN policy whose authN scheme has trust level 2, then after authentication you can access resources of level 2 or lower in that domain.

So

  1. Create an authN policy Level 2 AuthN Policy by creating a customized authN scheme custom_login_scheme Level 2 with authentication level 2, and apply this policy to sampleApp/**
  • so first create custom_login_scheme Level 2
  • then create Level 2 AuthN Policy
  • apply Level 2 AuthN Policy to sampleApp/**
  2. Create another authN policy Level 1 AuthN Policy by creating a customized authN scheme custom_login_scheme Level 1 with authentication level 1, and apply this policy to bootstrap/**
  • so first create custom_login_scheme Level 1
  • then create Level 1 AuthN Policy
  • apply Level 1 AuthN Policy to bootstrap/**

Conclusion

Now if you try to access `/bootstrap/**` first, OAM will ask for credentials; after logging in successfully, if you then try to access `sampleApp/**`, OAM will ask for re-authentication.

Conversely, if you log in to access `sampleApp/**` first and then try to access `/bootstrap/**`, OAM will never challenge you.

Note: You can use any authentication scheme and change the levels to customize it.
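
The level comparison behind the two sequences in the conclusion, as an added example (a simplified model written for this page, not OAM code or configuration). The prefix match standing in for `/**`, the leading slash on `/sampleApp/`, and the names `Session`, `required_level`, `access` and `walk` are assumptions.

```python
# Simplified model of step-up authentication by authN level (not OAM code).
from dataclasses import dataclass

# Constructed policy table mirroring the article:
# (resource prefix, policy name, authentication level of its scheme).
POLICIES = [
    ("/sampleApp/", "Level 2 AuthN Policy", 2),
    ("/bootstrap/", "Level 1 AuthN Policy", 1),
]


@dataclass
class Session:
    level: int = 0  # 0 = no authentication has happened yet


def required_level(path):
    """Return the authN level protecting `path`, or None if no policy matches."""
    for prefix, _name, level in POLICIES:
        if path.startswith(prefix):  # assumption: prefix match stands in for /**
            return level
    return None


def access(session, path):
    """Decide one request; a successful challenge raises the session level."""
    need = required_level(path)
    if need is None:
        return "NO_POLICY"
    if session.level >= need:
        return "ALLOW"  # session already holds an equal or higher level
    session.level = need  # model the user completing the challenge
    return "CHALLENGE"


def walk(paths):
    """Replay a sequence of requests against one fresh session."""
    session = Session()
    return [access(session, p) for p in paths]


if __name__ == "__main__":
    print(walk(["/bootstrap/a", "/sampleApp/b", "/bootstrap/a"]))
    print(walk(["/sampleApp/b", "/bootstrap/a"]))
```
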

1 comment:

  1. The article is very easy to understand to provided important Oracle programming information. I hope that you will post more updates like this.