Add policy that forces SAML users to log in online periodically

chrome/common/pref_names.cc

Index: chrome/common/pref_names.cc
diff --git a/chrome/common/pref_names.cc b/chrome/common/pref_names.cc
index 5aff5910de32861a6791523cc8383c3dbaad4194..d15f749a6dc49a58dd869433a9e51cdd97c54fa1 100644
--- a/chrome/common/pref_names.cc
+++ b/chrome/common/pref_names.cc
@@ -883,6 +883,22 @@ const char kHighQualitySpeechSynthesisLanguages[] =
 // A boolean preference indicating whether user has seen first-run tutorial
 // already.
 const char kFirstRunTutorialShown[] = "settings.first_run_tutorial_shown";
+
+// Indicates the amount of time for which a user authenticated via SAML can use
+// offline authentication against a cached password before being forced to go
+// through online authentication against GAIA again. The time is expressed in
+// seconds. A value of -1 indicates no limit, allowing the user to use offline
+// authentication indefinitely. The limit is in effect only if GAIA redirected
+// the user to a SAML IdP during the last online authentication.
+const char kSAMLOfflineSigninTimeLimit[] = "saml.offline_signin_time_limit";
+
+// A preference to keep track of the last time the user authenticated against
+// GAIA using SAML. The preference is updated whenever the user authenticates
+// against GAIA: If GAIA redirects to a SAML IdP, the preference is set to the
+// current time. If GAIA performs the authentication itself, the preference is
+// cleared. The time is expressed as the serialization obtained from
+// base::Time::ToInternalValue().
+const char kSAMLLastGAIASignInTime[] = "saml.last_gaia_sign_in_time";
 #endif  // defined(OS_CHROMEOS)
 
 // The disabled messages in IPC logging.