how to reauthentication already logged in user?

[rarathore]

Hi Team,

I have a requirement to reauthentication already logged in user, Please let me know how can I do that.

I am using Apache Http server. pls share configuration it will be helpful.

[zandbelt]

there's an administrative session revocation capability via <redirect_uri>?revoke_session=<uuid> if that is what you're referring to

[rarathore]

Hi Zandbelt,

what I am looking here is that on clicking of some action from UI, it will trigger the login popup and ask user to re-authenticate it.

I have some URL pattern like https:///reauth and once user click it, it will redirect to login page from IDP and provide information and return back to that flow. how can I achieve this?

I have below configuration in Apache

Authenticated resources

<LocationMatch ^/XYZ/(;.*)?>
AuthType openid-connect
Require valid-user

<LocationMatch ^/+XYZ/reauthsecure?>

[zandbelt]

trigger logout and point to some new location that is protected: <redirect_uri>?logout=<url>, see https://github.com/zmartzone/mod_auth_openidc/wiki#9-how-do-i-logout-users

[rarathore]

Thanks for the quick reply.
I don't want to logout, previous user session should be continue as it is, it is specific need for one flow that will re-login and perform the operation.

don't wont to revoke existing session.

[zandbelt]

re-login would create a new session and overwrite the old one so there's no point in keeping it

[rarathore]

how can we do prompt=login of OIDC flow for re-authentication in Apache Http Server?

I tried below configuration

<Location /Windchill/reauthsecure>
AuthType openid-connect

Require valid-user
Require claim acr:1

OIDCUnAuthAction auth
#OIDCUnAutzAction auth
OIDCPathAuthRequestParams "prompt=login&acr_values=1"

but it is giing below error

Invalid command 'OIDCPathAuthRequestParams', perhaps misspelled or defined by a module not included in the server configuration

I added that module in Apache config

LoadModule auth_openidc_module modules/mod_auth_openidc.so