6498166 Absent Member.

different authentication timeout by type of device

Hi All,
I've to solve this problem:

I've an application (SAP HR) protected by MAG and federated with NAM IDP. The user authenticates with a PC and uses the application correctly (authentication timeout default with 60 min value set).

Now my client wants to put totem stations to access the application with a timeout set to 5 minutes (only for these stations). How can I solve this problem? I tried using RBA (policy based on the IP address of the totem station), but the step-up process uses a class or method, not a contract (where I can set a different authentication timeout).

Have you any idea?

Thanks a lot

Cheers
Maurizio

Re: different authentication timeout by type of device

On 08-12-2018 1:24 AM, 6498166 wrote:
>
> Hi All,
> I've to solve this problem:
>
> I've an application (SAP HR) protected by MAG and federated with NAM
> IDP. The user authenticates with a PC and uses the application correctly
> (authentication timeout default with 60 min value set).
>
> Now my client wants to put totem stations to access the application with
> a timeout set to 5 minutes (only for these stations). How can I solve
> this problem? I tried using RBA (policy based on the IP address of the
> totem station), but the step-up process uses a class or method, not a
> contract (where I can set a different authentication timeout).
>
> Have you any idea?



I have no clue if this would work, as I've never done it, but you could try to create an authz policy and stick that on your protected resource. Then select 'Client IP' as the condition group, select 'Re-authenticate with Contract' as the action (I've got 4.4.3 in my lab here) and select the 5 min contract. You might have to play around with the 'satisfiable by contract of equal or higher weight' setting on your 60 min contract, though I don't like this setting, as it's not very flexible and tends to open the app up to unwanted users being able to access apps if you don't set the right authz policies based on roles.

--
Cheers,
Edward