[keycloak-user] Unable to get SAML ForceAuthn to work

Neil Russell nrussell at egbc.ca
Thu Aug 29 15:03:05 EDT 2019


Hey,

I'm trying to get ForceAuthn to work with a third party who is using Shibboleth, but I have been unable to get it to force re-authentication if I have an existing session. I've inspected the SAML request and ForceAuthn is being passed in the request. One issue is that Shibboleth passes ForceAuthn="1" instead of ForceAuthn="true" and the parser doesn't appear to handle that. I made a fix to the StaxParserUtil class to try and get it working, but even though I can now see that the parser is returning true when the ForceAuthn attribute is read, I'm still not getting the expected behaviour and I'm not sure where to look next.

Any suggestions would be appreciated. Am I looking in completely the wrong place?

Thanks,
Neil Russell
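
The attribute-value mismatch described in the message above, as an added example that is not part of the original post and is not Keycloak's code: a StAX read of ForceAuthn that accepts every xs:boolean lexical form, shown next to what Boolean.parseBoolean returns for the same value. The class name, method names and sample requests are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class ForceAuthnCheck {
    // XML Schema xs:boolean has four legal lexical forms: true, false, 1, 0.
    // Boolean.parseBoolean("1") returns false, which would silently drop ForceAuthn.
    static boolean parseXsBoolean(String raw) {
        if (raw == null) return false;   // attribute absent: the SAML default is false
        switch (raw.trim()) {
            case "true": case "1": return true;
            case "false": case "0": return false;
            default: throw new IllegalArgumentException("not an xs:boolean: " + raw);
        }
    }

    // Reads ForceAuthn from the first AuthnRequest element in the document.
    static boolean forceAuthn(String xml) throws XMLStreamException {
        XMLInputFactory f = XMLInputFactory.newInstance();
        // Untrusted input: no DTDs, no external entities.
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLStreamReader r = f.createXMLStreamReader(new StringReader(xml));
        while (r.hasNext()) {
            if (r.next() == XMLStreamConstants.START_ELEMENT
                    && "AuthnRequest".equals(r.getLocalName())) {
                return parseXsBoolean(r.getAttributeValue(null, "ForceAuthn"));
            }
        }
        throw new IllegalArgumentException("no AuthnRequest element");
    }

    public static void main(String[] args) throws XMLStreamException {
        // Constructed sample requests, trimmed to the attributes that matter here.
        String tmpl = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
                + " ID=\"_constructed1\" Version=\"2.0\" %s/>";
        String[] attrs = {"ForceAuthn=\"1\"", "ForceAuthn=\"true\"", "ForceAuthn=\"0\"", ""};
        for (String attr : attrs) {
            String raw = attr.isEmpty() ? null : attr.split("\"")[1];
            System.out.printf("%-20s xs:boolean=%b  Boolean.parseBoolean=%b%n",
                    attr, forceAuthn(String.format(tmpl, attr)), Boolean.parseBoolean(raw));
        }
    }
}
```

The first row is the Shibboleth case from the message: the xs:boolean reading is true while Boolean.parseBoolean gives false, so an existing session would be reused without re-authentication.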