APM supports step-up authentication using per-request policy subroutines.
With step-up authentication, the system can authenticate a user at any time during a session.
This functionality is useful, for example, when making access to an application generally
available for all users, but wanting to limit access to specific areas of the application to a
shorter list of authorized users. You can also have the system prompt users for credentials after
a configured period of time.
Subroutines can save authenticated credentials in session variables that can be shared between
subroutines. In this case, the session variables in the subroutine have to be configured the same
as they are in the Assign Credential agent. This agent takes the username and password session
variables and stores them as perflow variables for the subsession. So the Assign Credential
agent needs to be located in the policy before the subroutine that needs to reuse the