Reauthentication example for access policy
Access policies can be used to force reauthentication. The following example shows an access policy that implements reauthentication.
Note: Reauthentication in an access policy is supported only by performing a Redirect Challenge to the required authentication service.
importClass(Packages.com.ibm.security.access.policy.decision.Decision);
importClass(Packages.com.ibm.security.access.policy.decision.RedirectChallengeDecisionHandler);

// max_age represents how long a user session should be active (a duration)
// authenticationTime represents when the user first logged into the authentication service
// Both values must be set before this check runs; this example assumes both are in seconds
var now = Math.floor(Date.now() / 1000);
if ((now - authenticationTime) > max_age) {
    // Reauthenticate the user using a username password policy
    // Once the username password policy is executed, the authenticationTime will be refreshed and
    // the "if" condition will no longer hold; hence the user will be allowed to run the single sign-on
    var handler = new RedirectChallengeDecisionHandler();
    handler.setRedirectUri("https://www.myidp.example.com/isam/sps/authsvc?PolicyId=urn:ibm:security:authentication:asf:password&Target=https://www.myidp.example.com/isam@ACTION@");
    var decision = Decision.challenge(handler);
    context.setDecision(decision);
} else {
    var decision = Decision.allow();
    context.setDecision(decision);
}
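
The freshness check that drives the challenge-or-allow decision above can be exercised outside the policy engine. The following is an added example, not code from the original page or from IBM: the function name, the reason strings and the 60-second skew tolerance are hypothetical, and all times are assumed to be in epoch seconds. It fails closed, so a missing, malformed or future-dated authentication time leads to a challenge rather than an allow.

```javascript
"use strict";

// Assumed tolerance for clock drift between the servers involved (hypothetical value).
const SKEW_SEC = 60;

// Decide whether the session's authentication is too old.
// authenticationTimeSec: when the user last authenticated (epoch seconds)
// maxAgeSec: how long an authentication stays acceptable (seconds)
// nowSec: current time (epoch seconds), passed in so the check is testable
function needsReauthentication(authenticationTimeSec, maxAgeSec, nowSec) {
  const inputs = [authenticationTimeSec, maxAgeSec, nowSec];
  // Fail closed: undefined, null, NaN or string values force a challenge.
  if (!inputs.every(Number.isFinite) || maxAgeSec < 0) {
    return { reauth: true, reason: "invalid-input" };
  }
  // An authentication time well ahead of the clock is not trustworthy.
  if (authenticationTimeSec > nowSec + SKEW_SEC) {
    return { reauth: true, reason: "auth-time-in-future" };
  }
  // Small negative differences caused by clock drift count as zero elapsed time.
  const elapsed = Math.max(0, nowSec - authenticationTimeSec);
  if (elapsed > maxAgeSec) {
    return { reauth: true, reason: "max-age-exceeded" };
  }
  return { reauth: false, reason: "fresh" };
}

// Constructed sample sessions (not real data): [authenticationTime, max_age, now].
const SAMPLES = [
  [1000, 300, 1200],      // 200 s old, limit 300 s
  [1000, 300, 1301],      // 301 s old, limit 300 s
  [undefined, 300, 1200], // attribute missing from the session
  [2000, 300, 1200],      // authentication time far in the future
];

function evaluateSamples() {
  return SAMPLES.map(([authTime, maxAge, now]) =>
    needsReauthentication(authTime, maxAge, now).reason);
}

console.log(evaluateSamples());
```

In the policy itself, a `reauth: true` result corresponds to the `Decision.challenge(handler)` branch and `reauth: false` to `Decision.allow()`.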