Override forceAuthn in SAML
53 views
Skip to first unread message
Francis Augusto Medeiros-Logeay
Nov 14, 2025, 2:44:07 PM (13 days ago) Nov 14
to 'Alexander Schwartz' via Keycloak User
Hi
I’ve noticed that, when a SAML request is sent with forceAuthn=“true”, Keycloak presents a page with “Please re-authenticate to continue”, with just a password.
Is there some flow that could be used here instead of that? I see that this doesn’t use the default browser flow, as it doesn’t use any other authenticator but the password.
I wish this could be customized somehow, like asking again for 2FA, or simply ignored.
Is there a way to do it?
Best,
Francis
I’ve noticed that, when a SAML request is sent with forceAuthn=“true”, Keycloak presents a page with “Please re-authenticate to continue”, with just a password.
Is there some flow that could be used here instead of that? I see that this doesn’t use the default browser flow, as it doesn’t use any other authenticator but the password.
I wish this could be customized somehow, like asking again for 2FA, or simply ignored.
Is there a way to do it?
Best,
Francis
Reply all
Reply to author
Forward
0 new messages