    Is there a way to add the ForceAuthn property to a SAML V2 request?

    • jlinton

      We have Google SAML V2 as an Identity Provider and are running into a Google issue where if a user has multiple Google accounts (personal / work) and chooses the wrong account to authenticate to, the authentication rightfully fails, but Google seems to "cache" that the user selected the wrong account and no longer gives the user the option to choose what account they can sign into.

      Reading some forums online makes it seem that if you have ForceAuthn="true" in the SAML v2 request, it may give you the option to choose accounts each time an authentication request is made.

      Since Lambdas are used on the SAML response, is there any mechanism that FusionAuth has to be able to append properties to the SAML request?

      I am not entirely sure that this will fix the issue at hand, but a few forums seem to suggest it might remedy the issue.

      • dan @jlinton

        @jlinton

        I do not believe there is any way to modify the SAML request beyond what is configurable in the identity provider: https://fusionauth.io/docs/v1/tech/identity-providers/samlv2/

        Please feel free to file a GitHub issue detailing the desire to be able to add ForceAuthn: https://github.com/fusionauth/fusionauth-issues/issues

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        • dan @dan

          Thanks for filing the issue, @jlinton!

          For anyone else following along, it's here: https://github.com/FusionAuth/fusionauth-issues/issues/1736

          Please feel free to upvote it or check the issue to determine if/when it is resolved.

          • jthughey @jlinton

            @jlinton

            Is it possible to leverage what is described in this post?

            https://fusionauth.io/community/forum/topic/663/force-google-account-selection-on-every-login

            Also, how entrenched are you with SAML?

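
To confirm whether a login request actually carries ForceAuthn, the SAMLRequest parameter can be decoded and inspected. The following is an added example, not part of the original posts and not FusionAuth code; it assumes the HTTP-Redirect or HTTP-POST binding, and the sample request and the idp.example.com URL are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

def decode_saml_request(value: str) -> bytes:
    """Return the AuthnRequest XML carried in a SAMLRequest parameter."""
    raw = base64.b64decode(value)
    try:
        # HTTP-Redirect binding: raw DEFLATE (wbits=-15 means no zlib header).
        return zlib.decompress(raw, -15)
    except zlib.error:
        # HTTP-POST binding: the value is base64 only, not compressed.
        return raw

def force_authn(xml_bytes: bytes) -> bool:
    """True if the AuthnRequest asks the IdP to re-authenticate the user."""
    # Meant for requests your own service provider generated, not untrusted XML.
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError(f"not a samlp:AuthnRequest: {root.tag}")
    # ForceAuthn is an xs:boolean; when the attribute is absent it is false.
    return root.get("ForceAuthn", "false").strip() in ("true", "1")

def force_authn_from_url(url: str) -> bool:
    """Check the SAMLRequest query parameter of a captured redirect URL."""
    query = parse_qs(urlparse(url).query)
    return force_authn(decode_saml_request(query["SAMLRequest"][0]))

# --- Constructed sample data (not captured from FusionAuth or Google) ---
SAMPLE = ('<samlp:AuthnRequest xmlns:samlp="' + SAMLP_NS + '" ID="_constructed" '
          'Version="2.0" IssueInstant="2024-01-01T00:00:00Z"{attr}/>')

def build_redirect_url(xml: str) -> str:
    """Encode XML the way the HTTP-Redirect binding does (hypothetical IdP URL)."""
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    param = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example.com/sso?" + param

if __name__ == "__main__":
    for attr in ("", ' ForceAuthn="true"'):
        url = build_redirect_url(SAMPLE.format(attr=attr))
        print(repr(attr), "->", force_authn_from_url(url))
```

To use it on a real login, copy the redirect URL to the identity provider from the browser's network tab and pass it to `force_authn_from_url`.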