PUBLIC - Liferay Portal Community Edition / LPS-121278

As a Portal-Wide Administrator, I want control to force re-authentication of SAML users after a given time

    Details

      Description

      Motivation

      Currently there is a simple checkbox on the IDP connection labelled "Force Authn". The purpose of the setting is to prevent stale security context from being used on the IDP when the SP sends an authentication request.

      Though this is necessary in some use cases, the current approach has questionable usefulness. If you enable it, you lose all automatic SSO capability with the SAML IDP.

      A better implementation would be to allow the admin to configure a "Maximum Authn Age", to better reflect their desired balance of security vs. UX.
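One way an SP could apply a "Maximum Authn Age", shown as an added example that is not part of the original ticket or Liferay's code: it reads `AuthnInstant` from the last assertion and asks for `ForceAuthn` only when that authentication is older than the limit. The function names, the one-hour limit, the clock-skew allowance and the sample assertion are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample; a real assertion must be signature-verified before use.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T09:00:05Z">'
    '<saml:AuthnStatement AuthnInstant="2024-01-01T09:00:00Z" '
    'SessionIndex="_constructed"/></saml:Assertion>'
)


def authn_instant(assertion_xml):
    """Return AuthnInstant of the first AuthnStatement as an aware UTC datetime, or None."""
    root = ET.fromstring(assertion_xml)
    stmt = root.find(".//saml:AuthnStatement", SAML_NS)
    if stmt is None or "AuthnInstant" not in stmt.attrib:
        return None
    # SAML times are UTC xs:dateTime; map a trailing "Z" for older Pythons.
    parsed = datetime.fromisoformat(stmt.attrib["AuthnInstant"].replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def must_force_authn(assertion_xml, max_authn_age, now, clock_skew=timedelta(seconds=60)):
    """Decide whether the next AuthnRequest should carry ForceAuthn="true"."""
    instant = authn_instant(assertion_xml)
    if instant is None:
        return True  # no proof of when the user authenticated: fail closed
    if instant > now + clock_skew:
        return True  # timestamp from the future: do not trust it
    return now - instant > max_authn_age


if __name__ == "__main__":
    limit = timedelta(hours=1)  # hypothetical "Maximum Authn Age" value
    for hhmm in ("09:30", "11:00"):
        now = datetime.fromisoformat(f"2024-01-01T{hhmm}:00+00:00")
        print(hhmm, "ForceAuthn =", must_force_authn(SAMPLE_ASSERTION, limit, now))
```

With a limit of zero this check requests `ForceAuthn` on every request, while any larger limit keeps automatic SSO working inside that window.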

       

       


            People

            Assignee:
            support-lep@liferay.com SE Support
            Reporter:
            stian.sigvartsen Stian Sigvartsen