In oidc request http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest it is possible to set value for max_age parameter. "It Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP".
Current shibboleth idp does not support filtering active in step ExtractActiveAuthenticationResults by this parameter. For geant oidc plugin we have made a workaround to refilter extracted results by max_age parameter. Should IdP support this we would not have to modidy the flow to perform this extra step.