donotcache and forceAuthn

Jeffrey Crawford jeffreyc at
Fri Aug 14 18:56:37 EDT 2015

If an SP makes a forceAuthn="true" request, we could ignore the fact that
there is an option of donotcache.

That being the case, the option could be removed from the login page if we
could inspect that kind of request.

Jeffrey E. Crawford
ITS Application Administrator (IdM)
jeffreyc at

Both pilots and IT professionals require training and currency before
charging into clouds!

On Fri, Aug 14, 2015 at 3:43 PM, Cantor, Scott <cantor.2 at> wrote:

> On 8/14/15, 6:37 PM, "users on behalf of Jeffrey Crawford" <
> users-bounces at on behalf of jeffreyc at> wrote:
> >There was a question around our campus regarding if it was possible to
> have the login page logic know if an SP requests forceAuthn and allow the
> login page not show the section of the form which sets donotcache. I didn't
> find anything however I'm sure I could have missed it as well.
> If an SP requests ForceAuthn, the form would be used, but remembering the
> result after that is relevant for the following requests, not that one. So
> there is by definition nothing it could look at. Whether *that* request
> included it would have nothing to do with the decision to remember it for
> the next SP.
> Or perhaps I'm not following your line of thought.
> -- Scott
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list