Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-37564

As a portal administrator, I would like to force reauthentication for SAML

Details

    Description

      Add support for forceAuth in SAML SP.

      1. Set up two instances of SAML, one as IdP and the other as SP. For configuration, see: https://www.liferay.com/group/customer/knowledge/kb/-/knowledge_base/article/40556658#use-case2
      2. For the SP machine, navigate to Server Admin > SAML Admin > Identity Provider Connection.
      3. Enable IdP force Authentication by checking the 'Force Authn' checkbox (see screenshot).
      4. Logout of the SP and IdP.
      5. On the same browser, open two tabs.
      6. On the first tab, navigate to locahost:8080 and do a regular login.
      7. On the second tab, navigate to www.able.com:9080 and initiate a SP initiated SSO.
      8. If 'Force Authn' is enabled, then regardless if the IdP is logged in, the IdP will force the SP to reauthenticate (ie login again).
      9. If 'Force Authn" is not enabled, then because the IdP is logged in, the SP will login automatically without having to login again.

      Attachments

        Issue Links

          Activity

            People

              albert.lee Albert Lee (Inactive)
              mika.koivisto Mika Koivisto (Inactive)
              Kiyoshi Lee Kiyoshi Lee
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Packages

                  Version Package
                  6.1.X EE
                  6.2.X EE
                  7.0.0 M4