Forced Authentication for SAML2 SPs

[Dustin Luck]

I know that for SPs that use the CAS protocol, renew=true can be added to the URL by the client to do a "forced authentication". Is there any way that SAML2 SPs can do the same thing or does it need to be configured in the CAS service registry?

(CAS = 6.3.6)

[Dustin Luck]

I found the answer!

The SAML2 protocol supports an attribute in the AuthnRequest called 'ForceAuthn' that can be set to true to enable forced authentication. Fortunately, the SP I'm setting up supports it.