Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support ForceAuthn=true #10

nynymike opened this issue Aug 12, 2016 · 3 comments


Copy link

commented Aug 12, 2016

Section of the SAML-Profile document (in the Web SSO Profile section), it specifies:

The ForceAuthn <AuthnRequest>attribute, if present with a value of true, obligates the identity provider to freshly establish this identity, rather than relying on an existing session it may have with the principal.

It would be nice if we could support this.

In OpenID Connect we can use the prompt=login parameter to do something similar.

@nynymike nynymike added this to the 2.4.4 milestone Aug 12, 2016

@dmogn dmogn modified the milestones: 3.0.0, 2.4.4 Nov 12, 2016

@nynymike nynymike modified the milestones: 3.1.0, 3.0.0 Feb 1, 2017

@dmogn dmogn modified the milestones: 3.1.0, 3.2.0 Sep 15, 2017


This comment has been minimized.

Copy link

commented Sep 15, 2017

We need rewrite Shib. IDP RemoteUser flow for ForceAuthn support.

Default "RemoteUser" does not support it.


This comment has been minimized.

Copy link

commented Mar 22, 2019


@yurem yurem closed this Mar 22, 2019

@yurem yurem modified the milestones: 4.0, 3.1.6 Mar 22, 2019


This comment has been minimized.

Copy link

commented Mar 23, 2019

For documentation.

Our oxAuth IDP3 plugin do translation Saml ForceAuthn=true to OpenID AuthZ request Prompt.Login
There is more info about each part in Saml and OpenID specs

shmorri added a commit to GluuFederation/docs-ce-prod that referenced this issue Mar 25, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
4 participants
You can’t perform that action at this time.