I found the answer! The SAML2 protocol supports an attribute in the AuthnRequest called 'ForceAuthn' that can be set to true to enable forced authentication. Fortunately, the SP I'm setting up supports it.
On Tuesday, October 12, 2021 at 4:59:13 PM UTC-7 Dustin Luck wrote: > I know that for SPs that use the CAS protocol, renew=true can be added to > the URL by the client to do a "forced authentication > <https://apereo.github.io/cas/6.3.x/planning/Security-Guide.html#forced-authentication>". > > Is there any way that SAML2 SPs can do the same thing or does it need to be > configured in the CAS service registry? > > (CAS = 6.3.6) > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1dc81f35-8544-46b3-9276-00cc37e93c8fn%40apereo.org.
