diff --git a/server-spi-private/src/main/java/org/keycloak/authentication/RequiredActionProvider.java b/server-spi-private/src/main/java/org/keycloak/authentication/RequiredActionProvider.java
index bae1d22b82..f35a60bb44 100755
--- a/server-spi-private/src/main/java/org/keycloak/authentication/RequiredActionProvider.java
+++ b/server-spi-private/src/main/java/org/keycloak/authentication/RequiredActionProvider.java
@@ -17,6 +17,7 @@
 package org.keycloak.authentication;
+import org.keycloak.models.Constants;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.provider.Provider;
 import org.keycloak.sessions.AuthenticationSessionModel;
@@ -75,4 +76,10 @@ public interface RequiredActionProvider extends Provider {
      * @param context
      */
     void processAction(RequiredActionContext context);
+
+    /**
+     * Defines the max time after a user login, after which re-authentication is requested for an AIA. 0 means that re-authentication is always requested.
+     *
+     */
+    default int getMaxAuthAge() { return Constants.KC_ACTION_MAX_AGE; }
 }
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocol.java b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocol.java
index a3762812b6..092744471e 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocol.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocol.java
@@ -20,6 +20,7 @@ import org.jboss.logging.Logger;
 import org.keycloak.OAuth2Constants;
 import org.keycloak.OAuthErrorException;
 import org.keycloak.TokenIdGenerator;
+import org.keycloak.authentication.RequiredActionProvider;
 import org.keycloak.common.util.Time;
 import org.keycloak.connections.httpclient.HttpClientProvider;
 import org.keycloak.constants.AdapterConstants;
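Review bot: The Javadoc on the new `getMaxAuthAge()` default leaves the unit and the `@return` unstated and ends in a dangling empty ` *` line; the only visible caller, `OIDCLoginProtocol.isReAuthRequiredForKcAction`, adds the value to the session's auth time and compares the sum against `Time.currentTime()`, so it is presumably a number of seconds and the contract should say so. The doc should also state that implementations must return a non-negative value small enough that `authTime + maxAge` cannot overflow `int`, because the caller performs that addition without `Math.addExact` and an overflowed (negative) sum would silently force re-authentication. A suggested wording: a summary sentence naming the value as the maximum age, in seconds, of the current authentication that is still accepted for an application-initiated action (AIA); a sentence keeping the existing "0 means re-authentication is always requested"; and a `@return` tag noting that the default is `Constants.KC_ACTION_MAX_AGE`.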
@@ -376,9 +377,11 @@ public class OIDCLoginProtocol implements LoginProtocol {
     protected boolean isReAuthRequiredForKcAction(UserSessionModel userSession, AuthenticationSessionModel authSession) {
         if (authSession.getClientNote(Constants.KC_ACTION) != null) {
+            String providerId = authSession.getClientNote(Constants.KC_ACTION);
+            RequiredActionProvider requiredActionProvider = this.session.getProvider(RequiredActionProvider.class, providerId);
             String authTime = userSession.getNote(AuthenticationManager.AUTH_TIME);
             int authTimeInt = authTime == null ? 0 : Integer.parseInt(authTime);
-            int maxAgeInt = Constants.KC_ACTION_MAX_AGE;
+            int maxAgeInt = requiredActionProvider.getMaxAuthAge();
             return authTimeInt + maxAgeInt < Time.currentTime();
         } else {
             return false;
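Review bot: `requiredActionProvider.getMaxAuthAge()` is dereferenced without checking that `this.session.getProvider(RequiredActionProvider.class, providerId)` actually found a provider; `providerId` is taken from the `KC_ACTION` client note, which is typically populated from the client's `kc_action` request parameter, so an unregistered or mistyped action id would now end in a `NullPointerException` where the old code simply used `Constants.KC_ACTION_MAX_AGE` (this assumes `getProvider` returns null for an unknown id, as it appears to elsewhere in Keycloak; please confirm). A null-safe fallback preserves the previous semantics: `int maxAgeInt = requiredActionProvider == null ? Constants.KC_ACTION_MAX_AGE : requiredActionProvider.getMaxAuthAge();`. As a minor style point the client note is read twice; the new `providerId` local could be hoisted above the `if` and used in the condition. The method's closing braces lie outside the hunk.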