Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support ForceAuthn=true #10

Closed
nynymike opened this issue Aug 12, 2016 · 3 comments

Comments

@nynymike
Copy link

commented Aug 12, 2016

Section 4.1.3.4 of the SAML-Profile document (in the Web SSO Profile section), it specifies:

The ForceAuthn <AuthnRequest>attribute, if present with a value of true, obligates the identity provider to freshly establish this identity, rather than relying on an existing session it may have with the principal.

It would be nice if we could support this.

In OpenID Connect we can use the prompt=login parameter to do something similar.

@nynymike nynymike added this to the 2.4.4 milestone Aug 12, 2016

@dmogn dmogn modified the milestones: 3.0.0, 2.4.4 Nov 12, 2016

@nynymike nynymike modified the milestones: 3.1.0, 3.0.0 Feb 1, 2017

@dmogn dmogn modified the milestones: 3.1.0, 3.2.0 Sep 15, 2017

@dmogn

This comment has been minimized.

Copy link
Contributor

commented Sep 15, 2017

We need rewrite Shib. IDP RemoteUser flow for ForceAuthn support.

Default "RemoteUser" does not support it.

@yurem

This comment has been minimized.

Copy link
Contributor

commented Mar 22, 2019

Done

@yurem yurem closed this Mar 22, 2019

@yurem yurem modified the milestones: 4.0, 3.1.6 Mar 22, 2019

@yurem

This comment has been minimized.

Copy link
Contributor

commented Mar 23, 2019

For documentation.

Our oxAuth IDP3 plugin do translation Saml ForceAuthn=true to OpenID AuthZ request Prompt.Login
There is more info about each part in Saml and OpenID specs

shmorri added a commit to GluuFederation/docs-ce-prod that referenced this issue Mar 25, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.