OIF 11g : Is max_auth_age configurable ? (Doc ID 1363378.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle Identity Federation - Version: 11.1.1.5.0 and later   [Release: and later ]
Information in this document applies to any platform.

Goal

OIF 11.1.1.5.0 supports PAPE (OpenID Provider Authentication Policy Extension) 1.0 described at http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html


"OpenId allows you to apply a 'max auth age' condition to requests that will instruct the OP to authenticate when the End User has not authenticated within -n- seconds.
By setting this parameter to '1', you can effectively force the OP to re-authenticate the End User.

ForceAuthn [Optional] : A Boolean value.
If "true", the identity provider MUST authenticate the presenter directly rather than rely on a previous security context. If a value is not provided, the default is "false". However, if both ForceAuthn and IsPassive are "true", the identity provider MUST NOT freshly authenticate the presenter unless the constraints of IsPassive can be met. "

Is the openid.pape.max_auth_age parameter is configurable in OIF ?

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms