My Oracle Support Banner

OIF 11g : Is max_auth_age configurable ? (Doc ID 1363378.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle Identity Federation - Version: and later   [Release: and later ]
Information in this document applies to any platform.


OIF supports PAPE (OpenID Provider Authentication Policy Extension) 1.0 described at

"OpenId allows you to apply a 'max auth age' condition to requests that will instruct the OP to authenticate when the End User has not authenticated within -n- seconds.
By setting this parameter to '1', you can effectively force the OP to re-authenticate the End User.

ForceAuthn [Optional] : A Boolean value.
If "true", the identity provider MUST authenticate the presenter directly rather than rely on a previous security context. If a value is not provided, the default is "false". However, if both ForceAuthn and IsPassive are "true", the identity provider MUST NOT freshly authenticate the presenter unless the constraints of IsPassive can be met. "

Is the openid.pape.max_auth_age parameter is configurable in OIF ?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.