Hi Benjamin, Sharing the ticket with Mike and Yura.

Benjamin, Its an authz policy (because it happens post-authn). Its definitely possible, but you'd have to make sure the application requires an OAuth2 token--either an UMA RPT token, or our simpler GAT token. There is another trick that may be required. During authentication, you have a connection to the user's browser. At this point, I think you can get the timezone from the person's preferences. You'll need to write this to the session for future use in the authorization policy. Yuriy Movchan can confirm if there is a session variable that you could use to store this information during the custom authn script, that would make it available in the authz script. - Mike

Thanks guys for the fast feedback! Unfortunately, we're talking about SAAS SAML applications here.

Hi, Yes, it's possible to achieve in custom authentication script. We stores browser ip address in LDAP session. We can use it to get geolocation [data](https://github.com/GluuFederation/oxAuth/blob/master/Server/integrations/oxpush2/oxPush2ExternalAuthenticator.py#L546). Also we can write JavaScript to pass browser data, timezone, etc to server in hidden variable on login page or add cookie with this information. And when user try to log in we can additionally check them. Regards, Yura

Thanks!