Force Re-authentication to the specific identity provider using shibboleth SP configuration
Cantor, Scott
cantor.2 at osu.edu
Wed Jun 21 17:28:10 UTC 2023
There is no modern configuration-based way to do that I know of. ForceAuthn can be passed on the URL via a parameter to the /Login endpoint so it can be done dynamically and that's about the only way of it being per-IdP with any ordinary effort at present.
The old way of building manual SessionInitiator chains probably works in theory, but is far outside anything I would be willing to work up as free support at this point.
-- Scott
More information about the users
mailing list