On Tue, Aug 29, 2017 at 4:29 PM, Hasini Witharana <[email protected]> wrote:
> Hi Asela,
>
> If SP sends a force auth request, we update the existing session.
> So, are we generating a new auth_time when the session is updated?
>
> Thanks,
> Hasini
>
> On Wed, Aug 23, 2017 at 1:27 PM, Asela Pathberiya <[email protected]> wrote:
>
>> On Wed, Aug 23, 2017 at 12:46 PM, Hasini Witharana <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> In the OIDC specification auth_time is defined as below.[1]
>>>
>>> Time when the End-User authentication occurred. Its value is a JSON
>>> number representing the number of seconds from 1970-01-01T0:0:0Z as
>>> measured in UTC until the date/time. When a max_age request is made or
>>> when auth_time is requested as an Essential Claim, then this Claim is
>>> REQUIRED; otherwise, its inclusion is OPTIONAL.
>>>
>>> In the current implementation, when the user is authenticated for the
>>> first time using user credentials, auth_time is considered as the session
>>> created time. After that, when the user is implicitly logging in using a
>>> cookie without giving user credentials, auth_time is considered as the
>>> session updated time.
>>>
>>
>> If SP sends a force auth request, are we creating a new session or
>> updating the existing session?
>>
>> If max_age is expired, does SP need to send a force auth request or just
>> an authentication request?
>>
>> Thanks,
>> Asela.
>>
>>>
>>> As I think the auth_time should be the first time user authenticated
>>> using credentials.
>>> [2] is the fix made for this issue.
>>>
>>> Thank you.
>>>
>>> [1] - http://openid.net/specs/openid-connect-core-1_0.html
>>> [2] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/455
>>>
>>> --
>>> Hasini Witharana
>>> Software Engineering Intern | WSO2
>>> Email : [email protected]
>>> Mobile : +94713850143
>>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933
>> +358 449 228 979
>>
>> http://soasecurity.org/
>> http://xacmlinfo.org/
>>
>

--
Thanks & Regards,
Asela
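An added illustration, not part of the original thread and not WSO2 code: a minimal Python model of the behaviour discussed above, showing why reporting the session updated time as auth_time lets an RP's max_age check pass after a cookie-only login. All names and timestamps are constructed, and it assumes a forced re-authentication with credentials counts as a new authentication event, a question the thread leaves open.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Session:                      # hypothetical OP-side session record
    created: int                    # first login with credentials (epoch seconds)
    updated: int                    # last time the session was touched
    auth_time: int                  # last active authentication with credentials

def login_with_credentials(now: int, session: Optional[Session] = None) -> Session:
    """Active authentication: first login, or re-authentication of a session."""
    if session is None:
        return Session(created=now, updated=now, auth_time=now)
    session.updated = session.auth_time = now   # assumption: re-auth resets auth_time
    return session

def sso_with_cookie(session: Session, now: int) -> Session:
    """Implicit login via session cookie: no credentials, auth_time unchanged."""
    session.updated = now
    return session

def needs_reauth(session: Session, now: int,
                 max_age: Optional[int] = None, force: bool = False) -> bool:
    """OP side: forced auth, or max_age exceeded since the last active login."""
    return force or (max_age is not None and now - session.auth_time > max_age)

def auth_time_claim(session: Session, legacy: bool = False) -> int:
    """legacy=True models the behaviour described in the thread (updated time)."""
    return session.updated if legacy else session.auth_time

def rp_accepts(auth_time: int, now: int, max_age: int) -> bool:
    """RP side: accept the ID token only if authentication is recent enough."""
    return now - auth_time <= max_age

def demo():
    t0 = 1503990000                 # constructed timestamp
    now = t0 + 3600                 # one hour later
    s = sso_with_cookie(login_with_credentials(t0), now)
    legacy_ok = rp_accepts(auth_time_claim(s, legacy=True), now, max_age=300)
    fixed_ok = rp_accepts(auth_time_claim(s), now, max_age=300)
    reauth = needs_reauth(s, now, max_age=300)
    s = login_with_credentials(now, s)          # user re-enters credentials
    return legacy_ok, fixed_ok, reauth, auth_time_claim(s) == now, s.created == t0

if __name__ == "__main__":
    print(demo())
```

With the legacy claim the RP sees an authentication that looks zero seconds old even though credentials were last entered an hour earlier.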
