Force Re-authentication to the specific identity provider using shibboleth SP configuration

Cantor, Scott cantor.2 at
Wed Jun 21 17:28:10 UTC 2023

There is no modern configuration-based way to do that I know of. ForceAuthn can be passed on the URL via a parameter to the /Login endpoint so it can be done dynamically and that's about the only way of it being per-IdP with any ordinary effort at present.

The old way of building manual SessionInitiator chains probably works in theory, but is far outside anything I would be willing to work up as free support at this point.

-- Scott

More information about the users mailing list