Add support for forceAuth in SAML SP.
- Set up two instances of SAML, one as IdP and the other as SP. For configuration, see: https://www.liferay.com/group/customer/knowledge/kb/-/knowledge_base/article/40556658#use-case2
- For the SP machine, navigate to Server Admin > SAML Admin > Identity Provider Connection.
- Enable IdP force Authentication by checking the 'Force Authn' checkbox (see screenshot).
- Logout of the SP and IdP.
- On the same browser, open two tabs.
- On the first tab, navigate to locahost:8080 and do a regular login.
- On the second tab, navigate to www.able.com:9080 and initiate a SP initiated SSO.
- If 'Force Authn' is enabled, then regardless if the IdP is logged in, the IdP will force the SP to reauthenticate (ie login again).
- If 'Force Authn" is not enabled, then because the IdP is logged in, the SP will login automatically without having to login again.