Credential Change (CAEP)

Event indicating a user's credentials have changed (CAEP §3.2). Receiving systems should force re-authentication.

Try in SSF Sandbox
Security EventsCAEPContinuous Eval

Sequence Diagram

Click any step for details

IdPTransmitterReceiversReceiverCredsUser1Credential Change Occurs2Create Credential Change SET3Deliver SET to Receivers4Receiver Validates SET5Invalidate Cached Credentials6Force Re-authentication
Request
Response
Redirect
Internal

Step-by-Step Breakdown

1
Credential Change Occurs
Identity ProviderIdentity Provider
2
Create Credential Change SET
Identity ProviderIdentity Provider
3
Deliver SET to Receivers
TransmitterAll Subscribed Receivers
4
Receiver Validates SET
Receiver (RP)Receiver (RP)
5
Invalidate Cached Credentials
Receiver (RP)Credential Cache
6
Force Re-authentication
Receiver (RP)User

Token Inspector

Specs for this flow

Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.

Core specs

· The specifications that define this protocol.