Check max_age request parameter for authenticated user (#184)
parent
e1794d1be7
commit
46e3b460c1
@ -423,11 +423,28 @@ sub issuerForAuthUser {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
my $prompt = $oidc_request->{'prompt'};
|
# Check if user needs to be reauthenticated
|
||||||
|
my $reauthentication = 0;
|
||||||
|
my $prompt = $oidc_request->{'prompt'};
|
||||||
if ( $prompt =~ /\blogin\b/ ) {
|
if ( $prompt =~ /\blogin\b/ ) {
|
||||||
|
$self->lmLog(
|
||||||
|
"Reauthentication requested by Relying Party in prompt parameter",
|
||||||
|
'debug'
|
||||||
|
);
|
||||||
|
$reauthentication = 1;
|
||||||
|
}
|
||||||
|
|
||||||
$self->lmLog( "Reauthentication requested by Relying Party",
|
my $max_age = $oidc_request->{'max_age'};
|
||||||
'debug' );
|
my $_lastAuthnUTime = $self->{sessionInfo}->{_lastAuthnUTime};
|
||||||
|
if ( defined $max_age && time > $_lastAuthnUTime + $max_age ) {
|
||||||
|
$self->lmLog(
|
||||||
|
"Reauthentication forced cause authentication time ($_lastAuthnUTime) is too old (>$max_age s)",
|
||||||
|
'debug'
|
||||||
|
);
|
||||||
|
$reauthentication = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($reauthentication) {
|
||||||
|
|
||||||
# Replay authentication process
|
# Replay authentication process
|
||||||
$self->{updateSession} = 1;
|
$self->{updateSession} = 1;
|
||||||
|
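Review bot: `max_age` comes straight from the authorization request and is used in arithmetic and in the debug message without any format check, in the `if ( defined $max_age && time > $_lastAuthnUTime + $max_age )` test. A non-numeric value such as a word is evaluated as 0 by Perl (with a warning), and the raw string, including any line breaks it carries, is written into the log line; an undefined `_lastAuthnUTime` in the session is likewise treated as 0. Both cases happen to force reauthentication, but by accident rather than by design, so I would validate first, e.g. `my $max_age_ok = defined $max_age && $max_age =~ /\A\d+\z/;`, decide explicitly how a malformed value is handled, and log only the validated number. The body of issuerForAuthUser starts and ends outside this hunk, so whether `_lastAuthnUTime` is always set on the session is not visible here.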