Unsolicited SSO + ForceAuthen?

Cantor, Scott cantor.2 at osu.edu
Mon Feb 26 12:30:37 EST 2018


> Is there any way to use the IdP Unsolicited SSO where we can set
> ForceAuthn for this app? I know it may be easily bypassed if it's in the URL or
> something, but we are trying to protect bad user behavior more than we are
> trying to guard against someone who wants to bypass ForceAuthn at the
> moment.

No, there's no property that will toggle on that setting internally. It hasn't been requested to date. I think there are some workarounds people may have come up with but I honestly don't recall any details. Certainly one workaround is generating a real request artifically, though it would have to be signed to be of any value.

-- Scott



More information about the users mailing list