I am attempting to use pape.MaximumAuthenticationAge to force users to re-authenticate with the OP, but the samples in DotNetOpenAuth do not seem to handle it.
After reading DotNetOpenAuth "Sign Out" Button and http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html#anchor8 this seems like the right way to do it.
Please would someone confirm that this is the right way to do it and suggest what changes I need to make in the OP example to make it happen. Thanks.
You're correct, OpenID allows you to apply a 'max auth age' condition to requests that will instruct the OP to authenticate when the End User has not authenticated within -n- seconds. By setting this parameter to '1', you can effectively force the OP to re-authenticate the End User.
However, do NOT assume that every Provider has implemented functionality to enforce the 'max auth age' parameter. This may be the cause of any unexpected behavior that you're seeing.
From the docs:
If an OP does not satisfy a request for timely authentication, the RP may decide not to grant the End User access to the services provided by the RP.
Use the following page to test support for this parameter on an OP-by-OP basis: http://test-id.org/OP/MaxAuthAge.aspx
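The RP-side consequence of the caveat above, as an added example that is not part of the original answer or of DotNetOpenAuth: a Python check that accepts a positive assertion only when the OP returned a signed PAPE `auth_time` within the requested `max_auth_age`. The function name, the `skew` allowance and the sample response are assumptions of this example, and it assumes the RP library has already verified the assertion's signature.

```python
from datetime import datetime, timezone

PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"

def auth_is_fresh(params, max_auth_age, now=None, skew=60):
    """True only if a signed PAPE auth_time is at most max_auth_age seconds old.

    params: openid.* fields of a positive assertion (signature already verified).
    skew:   clock-skew allowance in seconds (a choice made for this example).
    """
    now = now or datetime.now(timezone.utc)
    # The OP chooses the extension alias, so locate PAPE by its namespace URI.
    alias = next((k[len("openid.ns."):] for k, v in params.items()
                  if k.startswith("openid.ns.") and v == PAPE_NS), None)
    if alias is None:
        return False  # the OP ignored the PAPE request entirely
    # Only fields named in openid.signed are covered by the signature.
    if f"{alias}.auth_time" not in params.get("openid.signed", "").split(","):
        return False
    raw = params.get(f"openid.{alias}.auth_time")
    if not raw:
        return False  # the OP did not say when the End User authenticated
    try:
        # PAPE timestamps are UTC with a literal "Z": 2005-05-15T17:11:51Z
        auth_time = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return False
    age = (now - auth_time.replace(tzinfo=timezone.utc)).total_seconds()
    # Reject stale logins and timestamps that lie in the future.
    return -skew <= age <= max_auth_age + skew

# Constructed sample response (trimmed to the fields this check reads).
SAMPLE = {
    "openid.ns.pape": PAPE_NS,
    "openid.pape.auth_time": "2024-01-01T12:00:00Z",
    "openid.signed": "claimed_id,identity,ns.pape,pape.auth_time",
}

if __name__ == "__main__":
    at = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)
    print(auth_is_fresh(SAMPLE, max_auth_age=300, now=at))
```

When the check returns False, the RP can send the user back to the OP or refuse access, which is the option the quoted spec text leaves to the RP.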