Question about forceAuthn
makst at upenn.edu
Wed Jan 19 04:26:43 UTC 2022
I think I have a weird problem with some vendors' SAML requests and I can't seem to replicate a test case with my test SPs.
I see some SAML Requests come in with ForceAuthn="false" yet it still seems to trigger the ignoreSSO/Reauth flow in my Shib IdP v4.1.2.
I know it's sort of silly to send ForceAuthn="false" when it's simply easier to omit the setting, but I still need to investigate.
Before I start investigating deeper, has anyone heard of this sort of occurrence? I don't recall seeing any bugs where the IdP is choosing the reauth flow even if the flag is set to false.
More information about the users