Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-1277

Maximum Authentication Age

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.4.0
    • Component/s: Authentication
    • Labels:
      None

      Description

      In oidc request http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest it is possible to set value for max_age parameter.  "It Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP".

      Current shibboleth idp does not support filtering active in step ExtractActiveAuthenticationResults by this parameter. For geant oidc plugin we have made a workaround to refilter extracted results by max_age parameter. Should IdP support this we would not have to modidy the flow to perform this extra step. 

        Attachments

          Activity

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            jalauros@csc.fi Janne Lauros
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 30 minutes
                1h 30m