Authen::NZRealMe::LogonStrength - Manipulate NZ RealMe Login service AuthnContextClassRef values


The NZ RealMe Login service supports the notion of logon strength. For example a user session authenticated with a username and password is a 'low strength' logon. Whereas authenticating with a user, password and SecurID token will result in a moderate strength logon. The different logon strengths are represented by URNs which will be present in the initial SAML AuthnRequest message as well as the assertion in the resulting ArtifactResponse.

This class is used to encapsulate the URNs and to provide methods for comparing the strength of one URN to another.


The following constants are defined for referring to URNs:



new( strength )

Creates an object from the named strength identifier which might be a word (e.g.: 'low'), a URN (see the RealMe Login service SAML v2.0 Messaging Specification), or a URN fragment matching the last portion of a URN (e.g.: 'OTP:Token:SID').

urn( )

Returns the URN for the selected logon strength.

score( )

Returns the strength score (currently either 10 or 20) which is used when comparing strengths using the 'minimum' match type.

assert_match( required_strength, strength_match )

This method returns if the provided logon strength matches the required strength, or dies if the strength does not meet the specified requirement.

The required_strength will default to 'low' if not provided.

The strength_match parameter must be 'exact' or 'minimum' (default 'minimum'). When comparing different logon strengths, the rules outlined in the RealMe Login service SAML v2.0 Messaging Specification are used.


See Authen::NZRealMe for documentation index.


Copyright (c) 2010-2022 Enrolment Services, New Zealand Electoral Commission

Written by Grant McLean <>

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.