Electronic signatures

Robert Lowe robertmlowe at rmlowe.com
Thu May 19 13:07:07 EDT 2016

> On 5/19/16, 11:11 AM, "users on behalf of Robert Lowe" <
> users-bounces at shibboleth.net on behalf of robertmlowe at rmlowe.com> wrote:
> >Is this sufficient? What am I missing, or any better approach?
> There's a way to statically enforce a limit on time elapsing since authn,
> but for your case that probably wouldn't work, so your application would
> have to do that. So that's about it I guess.

Scott, you mean the maxTimeSinceAuthn attribute on the Sessions element? I
did look at that, but as far as I could see it required defining a separate
application (i.e an ApplicationOverride), which seemed like overkill to me.

> >(This is all assuming that the IdP supports
> >ForceAuthn, and is using an authentication method for which that has a
> reasonable interpretation.)
> Which is a big assumption.


Best regards,

Robert Lowe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160520/8e8ccb47/attachment.html>

More information about the users mailing list