Electronic signatures
Robert Lowe
robertmlowe at rmlowe.com
Thu May 19 13:07:07 EDT 2016
> On 5/19/16, 11:11 AM, "users on behalf of Robert Lowe" <
> users-bounces at shibboleth.net on behalf of robertmlowe at rmlowe.com> wrote:
> >Is this sufficient? What am I missing, or any better approach?
>
> There's a way to statically enforce a limit on time elapsing since authn,
> but for your case that probably wouldn't work, so your application would
> have to do that. So that's about it I guess.
>
Scott, you mean the maxTimeSinceAuthn attribute on the Sessions element? I
did look at that, but as far as I could see it required defining a separate
application (i.e an ApplicationOverride), which seemed like overkill to me.
>
> >(This is all assuming that the IdP supports
> >ForceAuthn, and is using an authentication method for which that has a
> reasonable interpretation.)
>
> Which is a big assumption.
>
Understood.
--
Best regards,
Robert Lowe
http://crepuscular.rmlowe.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160520/8e8ccb47/attachment.html>
More information about the users
mailing list