Is there a way to add the ForceAuthn property to a SAML V2 request?
-
We have Google SAML V2 as an Identity Provider and are running into a Google issue where if a user has multiple Google accounts (personal / work) and chooses the wrong account to authenticate to, the authentication rightfully fails, but Google seems to "cache" that the user selected the wrong account and no longer gives the user the option to choose what account they can sign into.
Reading some forums online makes it seem that if you have ForceAuthn="true" in the SAML v2 request, that it may give you the option to choose accounts each time an authentication request is made. Since Lambdas are used on the SAML response, is there any mechanism that FusionAuth has to be able to append properties to the SAML request?
I am not entirely sure that this will fix the issue at hand, but a few forums seem to suggest it might remedy the issue.
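One way to confirm whether a login redirect actually carries ForceAuthn, as an added example that is not part of the original thread and is not FusionAuth code: it decodes the SAMLRequest of an HTTP-Redirect binding URL and reads the ForceAuthn and IsPassive attributes. The sp.example.com and idp.example.com URLs and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlparse

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML_BYTES = 64 * 1024  # cap on inflated size; an AuthnRequest is small

def authn_request_flags(redirect_url):
    """Decode the SAMLRequest of an HTTP-Redirect login URL and report its flags."""
    query = parse_qs(urlparse(redirect_url).query)
    if "SAMLRequest" not in query:
        raise ValueError("URL carries no SAMLRequest parameter")
    # Redirect binding: URL-encoded base64 of a raw DEFLATE stream (no zlib header).
    compressed = base64.b64decode(query["SAMLRequest"][0])
    inflater = zlib.decompressobj(-15)
    xml_bytes = inflater.decompress(compressed, MAX_XML_BYTES)
    if inflater.unconsumed_tail:
        raise ValueError("inflated request exceeds size cap")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        raise ValueError("not a SAML 2.0 AuthnRequest")

    def flag(name):
        # xs:boolean allows true/false/1/0; both attributes default to false.
        return root.get(name, "false").strip() in ("true", "1")

    return {"ForceAuthn": flag("ForceAuthn"), "IsPassive": flag("IsPassive")}

def sample_url(force_authn):
    """Constructed login URL for a hypothetical SP and IdP, for demonstration."""
    extra = ' ForceAuthn="true"' if force_authn else ""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="%s" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"%s>'
        "<saml:Issuer>https://sp.example.com</saml:Issuer>"
        "</samlp:AuthnRequest>" % (SAMLP_NS, extra)
    )
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    value = quote(base64.b64encode(raw).decode("ascii"), safe="")
    return "https://idp.example.com/sso?SAMLRequest=" + value

if __name__ == "__main__":
    for force in (True, False):
        print(force, authn_request_flags(sample_url(force)))
```

To check a real deployment, pass in the redirect URL captured from the browser's network tab when the service provider sends the user to the identity provider.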
-
I do not believe there is any way to modify the SAML request beyond what is configurable in the identity provider: https://fusionauth.io/docs/v1/tech/identity-providers/samlv2/
Please feel free to file a GitHub issue detailing the desire to be able to add ForceAuthn: https://github.com/fusionauth/fusionauth-issues/issues
-
Thanks for filing the issue, @jlinton!
For anyone else following along, it's here: https://github.com/FusionAuth/fusionauth-issues/issues/1736
Please feel free to upvote it or check the issue to determine if/when it is resolved.
-
Is it possible to leverage what is described in this post?
https://fusionauth.io/community/forum/topic/663/force-google-account-selection-on-every-login
Also, how entrenched are you with SAML?