Question about forceAuthn

Mak, Steve makst at
Wed Jan 19 04:26:43 UTC 2022

Hi list.

I think I have a weird problem with some vendors' SAML requests and I can't seem to replicate a test case with my test SPs.

I see some SAML Requests come in with ForceAuthn="false" yet it still seems to trigger the ignoreSSO/Reauth flow in my Shib IdP v4.1.2.

I know it's sort of silly to send ForceAuthn="false" when it's simply easier to omit the setting, but I still need to investigate.

Before I start investigating deeper, has anyone heard of this sort of occurrence? I don't recall seeing any bugs where the IdP is choosing the reauth flow even if the flag is set to false.

Thanks all,
Steve Mak
