This feature allows a service to demand re-authentication when the time of last authentication on weblogin.pennkey.upenn.edu has become too old. The directive allows the application admin to specify:
Where # is an integer value representing number of seconds. If the user has not authenticated to weblogin.pennkey.upenn.edu within this timeframe then they will be forced to re-authenticate.
When to use CosignAuthenticationLifetime
This functionality is different than the existing re-authentication functionality.
It forces user re-authentication conditionally, as opposed to always forcing re-authentication on initial sign-in to a specific application.
The condition is based on the specific amount of time (lifetime) in seconds since the last authentication has occurred.
In addition, a re-authentication will be forced after the time has elapsed within the application (e.g. the authentication will continue to expire after the specified time).
The following requirements must be met in order to take advantage of this functionality:
You are using the Apache2 CoSign filter.
You have your application already working with CoSign authentication.
You have downloaded the mod_cosign filter from the Weblogin Management Console (WMC) and it is dated 20130523 or later (this will be the timestamp on the actual bundle, not the date you downloaded the file).
You are NOT using a mod_cosign filter from weblogin.org (the public project).