-
-
Notifications
You must be signed in to change notification settings - Fork 330
Step up Authentication
Hans Zandbelt edited this page Nov 12, 2018
·
17 revisions
TODO:
Since version version 2.3.0rc0 the new directive OIDCUnAutzAction enables step-up authentication scenarios when combined with the following:
- add
OIDCPathAuthRequestParamsthat is configurable on a per-path basis and useOIDCAuthRequestParamsfor the static per-provider value - add
OIDCPathScopethat is configurable on a per-path basis and concatenate withOIDCScopeas static per-provider value
Note:
- this setup can lead to infinite redirect loops
- Session Management refresh with per-path authn request params & scopes is not possible (yet)
- Apache 2.4 does the authorization-based redirect with a HTML page with a meta refresh tag;
depending on your Apache version/environment you may need to setErrorDocument 401 " "