Question about forceAuthn
Mak, Steve
makst at upenn.edu
Wed Jan 19 13:09:46 UTC 2022
I can confirm that I did just find another SP that sets ForceAuthn="false" and it does not trigger the ignoreSSO context... You're probably right about the IP address change.
Thanks!
On 1/19/22, 8:05 AM, "users on behalf of Cantor, Scott" <users-bounces at shibboleth.net on behalf of cantor.2 at osu.edu> wrote:
On 1/18/22, 11:26 PM, "users on behalf of Mak, Steve" <users-bounces at shibboleth.net on behalf of makst at upenn.edu> wrote:
> Before I start investigating deeper, has anyone heard of this sort of occurrence? I don't recall seeing any
> bugs where the IdP is choosing the reauth flow even if the flag is set to false.
That's not the reason. IP address changes are the most common cause of session invalidation.
-- Scott
--
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!IBzWLUs!DGL7YoxUe_3P3Kwh8A8VlZvEO8p9kbl7LM971eI13qJGYczqQ9j128Y5lOdy3A$
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list