Forcing the timeout of 2nd factor in a MFA login
cantor.2 at osu.edu
Mon Feb 10 10:32:16 EST 2020
4.0 carries the reuseConditon property across from the login method descriptor beans into the results so it should be possible to attach a rule to check the last activity time and forcibly prevent it from being reused.
I don't believe all the necessary pieces line up prior to that release to make it possible to do this kind of thing.
More information about the users