Hi,
On 6 May 2019, at 21:53, Scott Koranda wrote:
> Hi,
> Am I correct that the SATOSA SAMLBackend class currently has no way to
> dynamically set "force_authn" so that the SAML authn request sent to the
> authenticating (campus) IdP includes the forced reauthentication flag?
We have added support for setting "force authn" when the SAMLFrontend receives
an authentication request with that bit on. This is part of this PR:
https://github.com/IdentityPython/SATOSA/pull/182
which introduces four new configuration options:
* CONTEXT_STATE_DELETE
* remember_selected_idp_from_disco
* use_disco_when_forceauthn
* mirror_saml_forceauthn
We have been using this in production for more than 1 year.
Christos
--
Christos Kanellopoulos
Senior Trust & Identity Manager
GÉANT