Set ForceAuthn in metadata

Lipscomb, Gary glipscomb at csu.edu.au
Wed Aug 15 23:14:18 EDT 2018


We have an SP (Banner ssoManager) that is sending ForceAuthn="false" in its AuthnRequest:

<saml2p:AuthnRequest AssertionConsumerServiceURL="https://bdevel.csu.edu.au/ssomanager/saml/SSO"
                     Destination="https://idpdev.csu.edu.au/idp/profile/SAML2/Redirect/SSO"
                     ForceAuthn="false"
                     ID="a5233790846d79h03hc7h81j5ijf8jd"
                     IsPassive="false"
                     IssueInstant="2018-08-16T03:06:51.209Z"
                     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                     Version="2.0"
                     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">ssomanager</saml2:Issuer>
</saml2p:AuthnRequest>

When a user logs out from the application, they are redirected back to a page with a link back into the application. Since the SSO session is not killed and we can't customise that page to tell the user to close all windows and tabs for secure logout, one of the workarounds the vendor suggests is to set ForceAuthn="true" in their version of the IdP (which we haven't installed).

Is it possible to set ForceAuthn="true" in the SP's metadata? Would this override the setting in the AuthnRequest?

Regards

Gary
