Disable replay policy for one relying party
cantor.2 at osu.edu
Tue Mar 6 10:16:47 EST 2018
> Ideally ADFS would send better cache headers but am looking into this in
> case that's not possible, since its AuthnRequest isn't signed so I don't think
> there's any danger in allowing a replayed request.
It's not about danger, it's about trapping somebody that hits the back button into artificially repeating a login, which I consider the worst possible outcome.
There is no exposed support for it. Various undocumented changes to the system can do it, but nothing supported and definitely nothing per-RP.