Hi,
In the documentation, the browser flow to step-up is : Server Administration Guide
It work fine because the “CookieAuthenticator” take into account the LoA.
The “SpnegoAuthenticator” don’t check the LoA
Before submit a PR, I’m asking me if I miss something in the concepts or the documentation.
Thanks for your comments,
Br,