Hi Asela, If SP sends a force auth request, we update the existing session.
Thanks, Hasini On Wed, Aug 23, 2017 at 1:27 PM, Asela Pathberiya <[email protected]> wrote: > > > On Wed, Aug 23, 2017 at 12:46 PM, Hasini Witharana <[email protected]> > wrote: > >> Hi, >> >> In the OIDC specification auth_time is defined as below.[1] >> >> Time when the End-User authentication occurred. Its value is a JSON >> number representing the number of seconds from 1970-01-01T0:0:0Z as >> measured in UTC until the date/time. When a max_age request is made or >> when auth_time is requested as an Essential Claim, then this Claim is >> REQUIRED; otherwise, its inclusion is OPTIONAL. >> >> In the current implementation when the user is authenticated for the >> first time using user credentials, auth_time is considered as the session >> created time. After that when user is implicitly login in using a cookie >> without giving user credentials, auth_time is considered as session updated >> time. >> > > If SP sends a force authe request, Are we creating a new session or > update the existing session ? > > If max_age is expired, Does SP need to send a force auth request or just > an authentication request ? > > Thanks, > Asela. > >> >> As I think the auth_time should be the first time user authenticated >> using credentials. >> [2] is the fix made for this issue. >> >> Thank you. >> >> [1] - http://openid.net/specs/openid-connect-core-1_0.html >> [2] - https://github.com/wso2-extensions/identity-inbound-auth- >> oauth/pull/455 >> >> -- >> >> *Hasini Witharana* >> Software Engineering Intern | WSO2 >> >> >> *Email : [email protected] <[email protected]>* >> >> *Mobile : +94713850143 <+94%2071%20385%200143>[image: >> http://wso2.com/signature] <http://wso2.com/signature>* >> > > > > -- > Thanks & Regards, > Asela > > ATL > Mobile : +94 777 625 933 <+94%2077%20762%205933> > +358 449 228 979 > > http://soasecurity.org/ > http://xacmlinfo.org/ > -- *Hasini Witharana* Software Engineering Intern | WSO2 *Email : [email protected] <[email protected]>* *Mobile : +94713850143[image: http://wso2.com/signature] <http://wso2.com/signature>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
