Force Re-authentication to the specific identity provider using shibboleth SP configuration
Kumar, Prasanth (ELS-LOW)
p.kumar.13 at elsevier.com
Wed Jun 21 17:13:14 UTC 2023
Hi All,
We have been using one site or application in shibboleth service provider sp config file. we are make use of this configuration to communicate with multiple identity provider's.
if you look at the below config changes of shibboleth2.xml SP config file, we are trying to turning on forceAuthn flag to the one specific idp but shibboleth sp Forcing Re-authentication for all the identity provider's.
Is there a way we can turn on forceAuthn flag to the one specific identity provider? Or Am I missing any other configurations?
<ApplicationOverride id="APPNAME" entityID=https://AME.uww.edu/shibboleth<https://ame.uww.edu/shibboleth>>
<SSO entityID="https://idp1/shibboleth" discoveryProtocol="SAMLDS">
SAML2 SAML1
</SSO>
<SSO entityID="https://idp2/shibboleth" forceAuthn="true" discoveryProtocol="SAMLDS">
SAML2 SAML1
</SSO>
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20230621/d2c7bf6b/attachment.htm>
More information about the users
mailing list