[Openid-specs-ab] Request with prompt=login
t.broyer at gmail.com
Wed Jul 20 08:24:13 UTC 2016
On Wed, Jul 20, 2016 at 8:29 AM Hasanthi Purnima Dissanayake <
hasanthi at wso2.com> wrote:
> Hi All,
> I am sending prompt=login parameter with the authorization request when
> the End-User is already authenticated. According to the spec, in this
> case the Authorization Server MUST reauthenticate the End-User even if the
> End-User is already authenticated. So the server prompts the login page
> again and the user has to provide credentials again.
> Once we are running the OIDC compliance test cases I'm getting the following
> status: ERROR
> description: Verifies that multiple authentication was used in the flow
> info: Not two separate authentications!
> So what is the actual thing that the server is supposed to do with the
> prompt=login parameter in the authorization request? Does the server need to
> log out the user if there is an already authenticated session with the
> prompt=login parameter? Otherwise how can we avoid this multiple
> authentication error?
The tool checks the auth_time:
(I have absolutely no idea which of these tools, if any, is the actual one
running for the certification process; sorted above from least recently
updated to most recently updated)
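
An added example, not part of the original message and not code from any of the test tools: one way a relying party or test harness can confirm that prompt=login caused a new authentication is to compare the auth_time claim of the ID Tokens from the two flows. The function names, the 5-second skew and the sample tokens are assumptions constructed for illustration, and signature validation is assumed to happen elsewhere.

```python
import base64
import json


def jwt_claims(id_token: str) -> dict:
    """Decode the payload of a compact JWT. Signature validation is assumed
    to have been done already by the caller's OIDC library."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def reauthenticated(first_token: str, second_token: str,
                    second_request_at: int, skew: int = 5) -> bool:
    """True only if the second ID Token reflects a new End-User authentication.

    second_request_at: Unix time at which the prompt=login request was sent.
    skew: tolerated clock difference in seconds (assumed value).
    """
    first = jwt_claims(first_token)
    second = jwt_claims(second_token)
    # auth_time is optional unless max_age or an essential auth_time claim
    # was requested; without it nothing can be proven.
    if "auth_time" not in first or "auth_time" not in second:
        return False
    # A server that reuses the existing session returns the old auth_time.
    if second["auth_time"] <= first["auth_time"]:
        return False
    # The new authentication must not predate the prompt=login request.
    return second["auth_time"] >= second_request_at - skew


def make_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        raw = base64.urlsafe_b64encode(json.dumps(obj).encode())
        return raw.rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


# Constructed sample data: first login at 1469000000, second request 60 s later.
FIRST = make_token({"sub": "alice", "auth_time": 1469000000})
SAME_SESSION = make_token({"sub": "alice", "auth_time": 1469000000})
FRESH_LOGIN = make_token({"sub": "alice", "auth_time": 1469000075})

if __name__ == "__main__":
    print(reauthenticated(FIRST, SAME_SESSION, 1469000060))
    print(reauthenticated(FIRST, FRESH_LOGIN, 1469000060))
```

A server that shows the login page again but issues the second ID Token with the original session's auth_time fails this comparison, even though the End-User typed credentials twice.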