[cas-user] Forced Authentication for SAML2 SPs


Dustin Luck

Oct 12, 2021, 7:59:15 PM
to CAS Community
I know that for SPs that use the CAS protocol, renew=true can be added to the URL by the client to do a "forced authentication". Is there any way that SAML2 SPs can do the same thing or does it need to be configured in the CAS service registry?

(CAS = 6.3.6)


Dustin Luck

Oct 15, 2021, 1:01:38 AM
to CAS Community, Dustin Luck
I found the answer!

The SAML2 protocol supports an attribute in the AuthnRequest called 'ForceAuthn' that can be set to true to enable forced authentication. Fortunately, the SP I'm setting up supports it.
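Added example, not part of the original posts and not CAS or SP code: a Python sketch of the AuthnRequest an SP sends over the SAML2 HTTP-Redirect binding with `ForceAuthn="true"`, plus a decoder for checking what a given SP actually puts in its redirect. The entity ID, ACS URL and CAS host are constructed placeholders, and request signing is left out.

```python
import base64, uuid, zlib
from datetime import datetime, timezone
from urllib.parse import urlencode, urlparse, parse_qs
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed placeholder for the IdP's redirect-binding SSO endpoint.
IDP_SSO = "https://cas.example.org/cas/idp/profile/SAML2/Redirect/SSO"

def build_authn_request(sp_entity_id, acs_url, idp_sso_url, force_authn):
    """Return unsigned AuthnRequest XML as an SP would issue it."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,
        # The attribute from the thread: ask the IdP to re-authenticate the
        # user even if an SSO session already exists.
        "ForceAuthn": "true" if force_authn else "false",
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    return ET.tostring(req, encoding="unicode")

def redirect_url(idp_sso_url, authn_request_xml):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(authn_request_xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return idp_sso_url + "?" + query

def requests_forced_authn(url):
    """Decode a redirect captured from your own SP; True if ForceAuthn is set."""
    b64 = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    root = ET.fromstring(zlib.decompress(base64.b64decode(b64), wbits=-15))
    # ForceAuthn is an xs:boolean and defaults to false when absent.
    return root.get("ForceAuthn", "false") in ("true", "1")

if __name__ == "__main__":
    xml = build_authn_request("https://sp.example.org/metadata",
                              "https://sp.example.org/acs", IDP_SSO, True)
    url = redirect_url(IDP_SSO, xml)
    print(url)
    print("ForceAuthn requested:", requests_forced_authn(url))
```

ForceAuthn is only a request to the IdP; an SP that depends on a fresh login can also compare the `AuthnInstant` of the returned assertion's `AuthnStatement` with the current time.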