[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    Re: Question about forceAuthn
From:       "Mak, Steve" <makst () upenn ! edu>
Date:       2022-01-19 13:09:46
Message-ID: E1A0EC1D-5A27-44D0-BB4A-0A7164D2BC91 () upenn ! edu
[Download RAW message or body]

I can confirm that I did just find another SP that sets ForceAuthn="false" and it \
does not trigger the ignoreSSO context... You're probably right about the IP address \
change.

Thanks!

On 1/19/22, 8:05 AM, "users on behalf of Cantor, Scott" \
<users-bounces@shibboleth.net on behalf of cantor.2@osu.edu> wrote:

    On 1/18/22, 11:26 PM, "users on behalf of Mak, Steve" \
<users-bounces@shibboleth.net on behalf of makst@upenn.edu> wrote:

    >    Before I start investigating deeper, has anyone heard of this sort of \
occurrence? I don't recall seeing any  > bugs where the IdP is choosing the reauth \
flow even if the flag is set to false.

    That's not the reason. IP address changes are the most common cause of session \
invalidation.

    -- Scott


    -- 
    For Consortium Member technical support, see \
https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!IBzWLUs!DGL7YoxUe_3P3Kwh8A8VlZvEO8p9kbl7LM971eI13qJGYczqQ9j128Y5lOdy3A$ \
  To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net

-- 
For Consortium Member technical support, see \
https://shibboleth.atlassian.net/wiki/x/ZYEpPw To unsubscribe from this list send an \
email to users-unsubscribe@shibboleth.net


[prev in list] [next in list] [prev in thread] [next in thread]