ForceAuthn and RemoteUser handler

Cantor, Scott cantor.2 at
Mon Oct 30 16:17:02 EDT 2017

On 10/30/17, 4:08 PM, "users on behalf of Matthew Slowe" <users-bounces at on behalf of M.Slowe at> wrote:

> This IDP instance is only talking to MS so I don't mind *quite* so much

Well, that obviously changes the picture. I'd just change the setting and report the bug.

> My thinking was that the Shibboleth IDP could handle the ForceAuthn fine
> and pass on the actual authentication like it can do for things like CAS.

ForceAuthn is ultimately a function of the system you defer to.

> We did... we chose SimpleSAMLphp as our central SSO but have had to hang
> Shibboleth off to the side to cope with Office365... this seemed like
> the most elegant solution to keeping it seamless until recently.

Seems like ADFS might be the best "one-off to run for Office365".

-- Scott

More information about the users mailing list