-
Type:
Story
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Application Security > SAML
-
Labels:
-
Epic Link:
Motivation
Currently there is a simple checkbox on the IDP connection labelled "Force Authn". The purpose of the setting is to prevent stale security context from being used on the IDP when the SP sends an authentication request.
Though this is necessary in some use cases, the current approach has questionable usefulness. If you enable it, you loose all automatic SSO capability with the SAML IDP.
A better implementation would be to allow the admin to configure a "Maximum Authn Age", to better reflect their desired balance of security vs. UX.