> For the complete documentation index, see [llms.txt](https://ztrust.gitbook.io/ztrust-documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ztrust.gitbook.io/ztrust-documentation/user-manual-ztrust-v1.0/guide-to-navigation/authentication/ciba-policy.md).

# CIBA Policy

<figure><img src="https://lh7-us.googleusercontent.com/docsz/AD_4nXfj-AwFbo19viO4l6hZgH87FjMgTV7lU6sAZIcXdSnsbp3Kmxcm_-THBxkq1tzxIvYes7JjEUk83JqEj7p0VNJYD0Fb7xharF1V2yrssVh3WSFtoOZUmNI3h_9Jj3EPklRzWqKU8lH7vzHQF84E0BjzRm5qgN7pZz9hBN6780bC2Q5LsyA6av4?key=0ECnkWiuLUYSWNiFTVoEqA" alt=""><figcaption></figcaption></figure>

In the context of CIBA Policy, an admin can set up operations related to Client Initiated Backchannel Authentication (CIBA) for a specific realm.

#### **Backchannel Token Delivery Mode**

<figure><img src="https://lh7-us.googleusercontent.com/docsz/AD_4nXcg2TtxCATehosxYdvuQH-fIUF4yeJ3xs-EDCJoYBuND0imtPpkdd84z_7-viAPmYxOa8seNSQwtG2PjxvR9zP7gBEe4hfeIoCUgPCQem03EVHvbdEc7w15kDLAsyL0Ws_6xMb1YaazLrZ5BCcOkyJAyblwEINNAt4e7yrRAHPovUVhFi4uWmQ?key=0ECnkWiuLUYSWNiFTVoEqA" alt=""><figcaption></figcaption></figure>

This setting is mandatory and determines how the Consumption Device (CD) receives the authentication result and associated tokens.&#x20;

Two modes are available - Poll and Ping, with the default value set to Poll.

#### **Expires In**

<figure><img src="https://lh7-us.googleusercontent.com/docsz/AD_4nXffaM4eKvbJyY1I8uvZg28-qe4fErhpGEnXwKoAFbn-sgqnPRcdOfrLyyMG6945y5rmHGzcKFjRhR2GnaoaccNSoPLdRzBxClfQ874fp0RDMagMVrehDB-By7IsrP-gvInAXXIS2knwM1p8wo59BCZoMHLmNgmNyvFTFyVLcq8fv9D1JIvEMpA?key=0ECnkWiuLUYSWNiFTVoEqA" alt=""><figcaption></figcaption></figure>

This setting mention the expiration time of the auth\_req\_id in seconds, starting from when the authentication request was received.&#x20;

The default setting is 120 seconds, but you can adjust this duration based on your needs.

#### **Interval**

.

<figure><img src="https://lh7-us.googleusercontent.com/docsz/AD_4nXfoaRalNIuxuBL2AO8VXDp2ljAyIORQatfbHxoKsa3nPQD3Djl1Z3ksGlieiHPJjJxS63M3sCN4xnFpUEoBiFx9BUe-HvH-FEKPtKMao0ZefHZXrbhHdkpz_OEu6lQn3jFPNgVB9zwh7le0cJ5_hb79UF3xaBbol4dFI5ghvRxn42jW-7jnow0?key=0ECnkWiuLUYSWNiFTVoEqA" alt=""><figcaption></figcaption></figure>

This setting specifies the time duration in seconds that the Consumption Device (CD) needs to wait for between polling requests to the token endpoint.&#x20;

It's an optional configuration, with a default setting of 5 seconds.&#x20;

You have the flexibility to adjust this duration according to your needs.

#### **Authentication Requested User Hint**

<figure><img src="https://lh7-us.googleusercontent.com/docsz/AD_4nXfkaQ4zxNU92pY5c0J1Y5LRHZYRpGlz5JMYBchw23eDtA7KBi41As9RDUdAQfgc56-nmQVdsDGshGW-JEwYQQr-ajExQsX0FHIDE_xHhN-qb_K2wSOqa5b1MlaLvn0IOzUAHz5SqSwLI22mwSXxMuLHG08wCVeowhzdI5w8RH-rvOf75l7IAuE?key=0ECnkWiuLUYSWNiFTVoEqA" alt=""><figcaption></figcaption></figure>

It's a mandatory field, which refers to the way of identifying the end-user for whom the identification is being requested.&#x20;

The default option is login\_hint, and currently, ZTrust only supports this method.

<br>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ztrust.gitbook.io/ztrust-documentation/user-manual-ztrust-v1.0/guide-to-navigation/authentication/ciba-policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.