Cherwell SP Forcing Re-Authentication

Garmer, Jack - garmercj garmercj at
Thu May 30 14:35:55 EDT 2019

Good Afternoon All!

After spinning my tires and finally concluding this isn't an IdP issue by virtue of the nature of SSO, I'm wondering if the IdP can override what appears to be a forced re-authentication by a non-Shibboleth SP.

In a nutshell, our dev team is trying to leverage SAML SSO to allow a user to authenticate into an intermediary server and enter a ticket request into a template. On submission, the user and entered information will be redirected to a separate ITSM server (the product being Cherwell; I've posted about this project before). The issue we're running into is that the ITSM server is forcing the user to re-authenticate, which breaks the flow. I've confirmed with other SPs attached to our dev environment that SSO is working properly. Once I authenticate against one, the others do not prompt for authentication EXCEPT for this one.

Because the SP is a GUI-based app on a Windows server, there doesn't appear to be an obvious setting to turn this off. The product documentation also isn't doing much for us. Is there a method on the IdP end to override forced reauth?

Jack Garmer
Linux Systems Administrator
James Madison University
o. 540-568-4235
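
Added example, not part of the original post: in SAML 2.0 an SP requests re-authentication by setting ForceAuthn on its AuthnRequest, so decoding the request the SP sends over the HTTP-Redirect binding (captured from a browser trace) shows whether that attribute is present. The URL, entity ID and request below are constructed, and the function names are illustrative.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, quote

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_redirect_request(url):
    """Return the AuthnRequest XML carried by an HTTP-Redirect binding URL."""
    params = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in URL")
    raw = base64.b64decode(params["SAMLRequest"][0])
    # The Redirect binding uses raw DEFLATE (no zlib header): wbits=-15.
    return zlib.decompress(raw, -15).decode("utf-8")

def xs_bool(value):
    """xs:boolean accepts true/false/1/0; an absent attribute means false."""
    return value is not None and value.strip() in ("true", "1")

def inspect_authn_request(xml_text):
    # Input is your own captured traffic; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        raise ValueError("not a samlp:AuthnRequest")
    issuer = root.findtext("{%s}Issuer" % SAML_NS)
    return {
        "issuer": issuer.strip() if issuer else None,
        "force_authn": xs_bool(root.get("ForceAuthn")),
        "is_passive": xs_bool(root.get("IsPassive")),
    }

def build_sample_url(force_authn):
    """Constructed request for the demo; not taken from any real SP."""
    attr = ' ForceAuthn="true"' if force_authn else ""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" '
           'ID="_constructed" Version="2.0" IssueInstant="2019-05-30T18:35:55Z"%s>'
           '<saml:Issuer>https://sp.example.org/constructed</saml:Issuer>'
           '</samlp:AuthnRequest>') % (SAMLP_NS, SAML_NS, attr)
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    b64 = base64.b64encode(deflated).decode("ascii")
    return "https://idp.example.org/sso?SAMLRequest=" + quote(b64, safe="")

if __name__ == "__main__":
    for flag in (True, False):
        url = build_sample_url(flag)
        print(inspect_authn_request(decode_redirect_request(url)))
```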
