Robert Lowe robertmlowe at rmlowe.com
Thu May 19 12:11:22 EDT 2016

I know this has been discussed before, but the information seems a bit
scattered, so I wanted to check my overall understanding.

I have a requirement to implement electronic signatures. More specifically,
this means that the application gets to request re-authentication in
response to certain application-specific events.

Here's what I *think* I need to do.

   - When the application needs re-authentication, redirect to (assuming
   default handler locations) /Shibboleth.sso/Login?target=*{current-url}*
   - When control returns to the application, check the
   Shib-Authentication-Instant environment variable to ensure that
   re-authentication actually occurred (with allowance for latency and clock

Is this sufficient? What am I missing, or any better approach?

(This is all assuming that the IdP supports ForceAuthn, and is using an
authentication method for which that has a reasonable interpretation.)

Best regards,

Robert Lowe
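The two steps described in the post (redirect to the SP's Login handler with a target, then verify on return that Shib-Authentication-Instant is newer than the moment re-authentication was requested, with a tolerance for latency and clock skew) in application code, as an added example; this is not the poster's code and not part of the Shibboleth project. It assumes the SP Login handler accepts a forceAuthn=1 query parameter alongside target, a constructed 60-second skew allowance, and that the application stored the request time server-side (in its own session, not in the URL) before redirecting so the user cannot adjust it:

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

# Constructed tolerance for IdP/SP/app clock differences plus redirect latency.
CLOCK_SKEW = timedelta(seconds=60)

# Shib-Authentication-Instant carries the assertion's AuthnInstant as an
# xs:dateTime, e.g. 2016-05-19T16:11:22.123Z or 2016-05-19T12:11:22-04:00.
_INSTANT_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?(Z|[+-]\d{2}:\d{2})$"
)


def build_reauth_redirect(current_url, handler="/Shibboleth.sso/Login"):
    """URL to send the browser to when the application wants a fresh login.

    'target' is where the SP returns the user afterwards; 'forceAuthn=1'
    (assumed SP session-initiator option) asks the IdP for ForceAuthn.
    """
    return f"{handler}?{urlencode({'target': current_url, 'forceAuthn': '1'})}"


def parse_shib_instant(value):
    """Parse the xs:dateTime string into an aware datetime (raises ValueError)."""
    m = _INSTANT_RE.match(value.strip())
    if not m:
        raise ValueError(f"malformed AuthnInstant: {value!r}")
    base, frac, zone = m.groups()
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    if frac:
        # Keep at most microsecond precision; pad shorter fractions.
        dt = dt.replace(microsecond=int(frac[:6].ljust(6, "0")))
    if zone == "Z":
        tz = timezone.utc
    else:
        sign = 1 if zone[0] == "+" else -1
        hours, minutes = int(zone[1:3]), int(zone[4:6])
        tz = timezone(sign * timedelta(hours=hours, minutes=minutes))
    return dt.replace(tzinfo=tz)


def reauth_occurred(instant_header, requested_at, skew=CLOCK_SKEW, now=None):
    """Decide whether a fresh authentication happened after 'requested_at'.

    instant_header: value of Shib-Authentication-Instant (None if absent).
    requested_at:   aware datetime the app recorded before redirecting.
    now:            optional aware datetime, used to reject far-future instants.
    Returns (ok, reason).
    """
    if not instant_header:
        return False, "no Shib-Authentication-Instant present"
    try:
        instant = parse_shib_instant(instant_header)
    except ValueError as exc:
        return False, str(exc)
    # A session that predates the request means the IdP (or a cached SP
    # session) answered without re-authenticating: reject it.
    if instant < requested_at - skew:
        return False, "AuthnInstant predates the re-authentication request"
    if now is not None and instant > now + skew:
        return False, "AuthnInstant lies in the future beyond the skew allowance"
    return True, "fresh authentication"


if __name__ == "__main__":
    # Constructed walk-through: request at 16:10Z, IdP re-authenticates at 16:11Z.
    requested = datetime(2016, 5, 19, 16, 10, 0, tzinfo=timezone.utc)
    print(build_reauth_redirect("https://app.example/sign?id=42"))
    print(reauth_occurred("2016-05-19T16:11:22.123Z", requested))
    print(reauth_occurred("2016-05-19T09:00:00Z", requested))  # stale session
```

The application should compare against the time it recorded before issuing the redirect rather than against "now minus a few seconds", because the user may legitimately take a while at the IdP; the skew only covers clock drift and the redirect round trip.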
