[Openid-specs-ab] Request with prompt=login

Hasanthi Purnima Dissanayake hasanthi at wso2.com
Wed Jul 20 06:29:10 UTC 2016

Hi All,
I am sending prompt=login parameter with the authorization request when the
End-User is already authenticated. According to the spec [1] , in this case
the Authorization Server MUST reauthenticate the End-User even if the
End-User is already authenticated. So the server prompts the login page
again and the use has to provide credentials again.

Once we are running the OIDC compliance test cases I'm getting following

	status: ERROR
	description: Verifies that multiple authentication was used in the flow
	info: Not two separate authentications!

So what is the actual thing that the server suppose to do with prompt=login
parameter in authorization request. Does the server need to log out the
user if there is an already authenticated session with the prompt=login
parameter? Otherwise how can we avoid this multiple authentication error?

Any suggestion is highly appreciated.

[1] http://openid.net/specs/openid-connect-core-1_0.html


Hasanthi Dissanayake

Software Engineer | WSO2

E: hasanthi at wso2.com
M :0718407133| http://wso2.com <http://wso2.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160720/9b33ba80/attachment.html>

More information about the Openid-specs-ab mailing list