robertmlowe at rmlowe.com
Thu May 19 13:07:07 EDT 2016
> On 5/19/16, 11:11 AM, "users on behalf of Robert Lowe" <
> users-bounces at shibboleth.net on behalf of robertmlowe at rmlowe.com> wrote:
> >Is this sufficient? What am I missing, or any better approach?
> There's a way to statically enforce a limit on time elapsing since authn,
> but for your case that probably wouldn't work, so your application would
> have to do that. So that's about it I guess.
Scott, you mean the maxTimeSinceAuthn attribute on the Sessions element? I
did look at that, but as far as I could see it required defining a separate
application (i.e an ApplicationOverride), which seemed like overkill to me.
> >(This is all assuming that the IdP supports
> >ForceAuthn, and is using an authentication method for which that has a
> reasonable interpretation.)
> Which is a big assumption.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users