On 08-12-2018 1:24 AM, 6498166 wrote:
> Hi All,
> I've to solve this problem:
> I've an application (SAP HR) protected by MAG and federated with NAM
> IDP. The user authenticates with PC and uses the application correctly
> (authentication timeout default with 60 min value set).
> Now my client wants to put totem stations to access the application with
> a timeout set to 5 minutes (only for these stations). How can I solve
> this problem? I tried using RBA (policy based on IP address of the totem
> station) but the step-up process uses class or method but not contract
> (where I can set a different authentication timeout).
> Have you any idea?

I have no clue if this would work as I've never done it, but you could try to create an authz policy and stick that on your protected resource. Then
select as condition group 'Client IP' and as action select 'Re-authenticate with Contract' (I've got 4.4.3 in my lab here) and select the 5mins
contract. You might have to play around with the 'satisfiable by contract of equal or higher weight' settings, though, on your 60min contract, though I
don't like this setting as it's not very flexible and tends to open the app up to unwanted users to be able to access apps if you don't set the right
authz policies based on roles.