Force Authentication in SAML ensures that users authenticate again, even if they have an active session with the Identity Provider (IdP).
This is controlled by the ForceAuthn attribute in the AuthnRequest during a Service Provider (SP)-initiated login. When ForceAuthn is set to true, the IdP would prompt the user to enter their credentials again, regardless of any existing session.
How to enable/disable Force Authentication in SAML?
- In the miniOrange SAML 2.0 SSO plugin click on the Redirection & SSO Links tab.
- Scroll to Option 1: Auto-Redirection from the site section
- Here you can enable or disable the Force Authentication feature.
