Force Re-authentication to the specific identity provider using shibboleth SP configuration

Kumar, Prasanth (ELS-LOW) p.kumar.13 at
Wed Jun 21 17:13:14 UTC 2023

Hi All,

We have been using one site or application in shibboleth service provider sp config file. we are make use of this configuration to communicate with multiple  identity provider's.
if you look at the below config changes of shibboleth2.xml SP config file, we are trying to turning on forceAuthn flag to the one specific idp but shibboleth sp Forcing Re-authentication for all the identity provider's.
Is there a way we can turn on forceAuthn flag to the one specific  identity provider? Or Am I missing any other configurations?

<ApplicationOverride id="APPNAME"   entityID=<>>
<SSO entityID="https://idp1/shibboleth" discoveryProtocol="SAMLDS">
               SAML2 SAML1
<SSO entityID="https://idp2/shibboleth" forceAuthn="true" discoveryProtocol="SAMLDS">
               SAML2 SAML1

Thanks in advance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list