additional info in the rp rqst & reauth by idp
cantor.2 at osu.edu
Tue Nov 27 10:35:42 EST 2012
On 11/27/12 10:30 AM, "ci_98yr" <ci_98yr at yahoo.com> wrote:
>Assuming the RP/SP is shib, where and how do we set the "forceAuthn"
>dynamically ; any pointers/samples for this?
Apache via ShibRequestSetting, RequestMap, etc. Search the wiki.
That isn't sufficient to prevent SSO. You have to enforce a limited window
from the time of authentication such as with the maxTimeSinceAuthn option
or application logic.
More information about the users