Question about forceAuthn

Mak, Steve makst at
Wed Jan 19 13:09:46 UTC 2022

I can confirm that I did just find another SP that sets ForceAuthn="false" and it does not trigger the ignoreSSO context... You're probably right about the IP address change.


On 1/19/22, 8:05 AM, "users on behalf of Cantor, Scott" <users-bounces at on behalf of cantor.2 at> wrote:

    On 1/18/22, 11:26 PM, "users on behalf of Mak, Steve" <users-bounces at on behalf of makst at> wrote:

    >    Before I start investigating deeper, has anyone heard of this sort of occurrence? I don't recall seeing any
    > bugs where the IdP is choosing the reauth flow even if the flag is set to false.

    That's not the reason. IP address changes are the most common cause of session invalidation.

    -- Scott

    For Consortium Member technical support, see;!!IBzWLUs!DGL7YoxUe_3P3Kwh8A8VlZvEO8p9kbl7LM971eI13qJGYczqQ9j128Y5lOdy3A$ 
    To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list