Electronic signatures
Robert Lowe
robertmlowe at rmlowe.com
Thu May 19 12:11:22 EDT 2016
I know this has been discussed before, but the information seems a bit
scattered, so I wanted to check my overall understanding.
I have a requirement to implement electronic signatures. More specifically,
this means that the application gets to request re-authentication in
response to certain application-specific events.
Here's what I *think* I need to do.
- When the application needs re-authentication, redirect to (assuming
default handler locations) /Shibboleth.sso/Login?target={current-url}&forceAuthn=true
- When control returns to the application, check the
Shib-Authentication-Instant environment variable to ensure that
re-authentication actually occurred (with allowance for latency and clock
skew).
Is this sufficient? What am I missing, or any better approach?
(This is all assuming that the IdP supports ForceAuthn, and is using an
authentication method for which that has a reasonable interpretation.)
--
Best regards,
Robert Lowe
http://crepuscular.rmlowe.com/
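
The two steps described in the message, as an added example that is not part of the original post and not Shibboleth project code. It assumes the application records, in its own server-side session, the time at which it issued the redirect (`requested_at`), and that the SP exports the instant as an ISO 8601 UTC timestamp. The function names, the 60-second skew and the 5-minute window are illustrative choices.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

LOGIN_HANDLER = "/Shibboleth.sso/Login"  # default handler location, as in the post


def build_reauth_url(current_url):
    """Redirect target asking the SP to request forced re-authentication."""
    return LOGIN_HANDLER + "?" + urlencode(
        {"target": current_url, "forceAuthn": "true"})


def parse_instant(value):
    """Parse an ISO 8601 UTC instant; return None if absent or malformed."""
    if not value:
        return None
    try:
        parsed = datetime.fromisoformat(value.strip().replace("Z", "+00:00"))
    except ValueError:
        return None
    # Reject naive timestamps rather than guessing a time zone.
    return parsed if parsed.tzinfo else None


def reauth_occurred(environ, requested_at, now=None,
                    skew=timedelta(seconds=60), max_wait=timedelta(minutes=5)):
    """True only if the authentication instant falls after the moment the
    application asked for re-authentication (a hypothetical server-side
    session value) and is neither in the future nor returned too late."""
    now = now or datetime.now(timezone.utc)
    instant = parse_instant(environ.get("Shib-Authentication-Instant"))
    if instant is None:
        return False                       # fail closed on missing or bad value
    if instant < requested_at - skew:
        return False                       # login predates the request
    if instant > now + skew:
        return False                       # implausible future timestamp
    return now - requested_at <= max_wait  # response arrived within the window
```

Comparing against `requested_at` rather than against "now minus some tolerance" is what distinguishes a fresh login from a recent one that happened before the signing event.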