Hi there,
I am using OpenAM 6.5.5. How do I enable ForceAuthn=“true”? By default it is coming as false. I also want to have IsPassive=“true” in the SAML request. See the sample request below for your reference.
Can you provide more details on how you are starting/setting the request? Is there a sample of the Spinit url you started with or how are you trying to set this by default?
There was a Jira around ForceAuth and SAML; this was fixed in 6.5.3, so this should work.
This did rely on a new Advanced property, org.forgerock.openam.saml2.authenticatorlookup.skewAllowance:
Defaults to 60 seconds
But this wouldn’t have changed whether ForceAuthn is true or false; it affected more the removal of any existing sessions to ensure the user is prompted.
It depends on how you initiate SAML authn at your hosted SP. If using the spssoinit endpoint or spSSOInit.jsp, then you can use the ForceAuthn and isPassive request parameters to control the contents of the SAML authentication request.
When using the SAML2 module/node, usually the module/node will have a setting for these sorts of things. If memory serves, passive authentication does not work with the node though.
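
To confirm what the hosted SP actually puts on the wire, the following added example (not part of the thread and not OpenAM code) decodes the `SAMLRequest` parameter of a redirect URL and reports the ForceAuthn and IsPassive attributes. It assumes the HTTP-Redirect binding; the sample request, the `idp.example.com` host and all function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML = 64 * 1024          # refuse oversized inflated payloads
TRUE_FORMS = ("true", "1")   # xs:boolean lexical forms for true


def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in an HTTP-Redirect binding URL."""
    params = parse_qs(urlparse(url).query)
    raw = base64.b64decode(params["SAMLRequest"][0])
    inflater = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("inflated SAMLRequest exceeds size limit")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD not allowed in SAML messages")
    return xml


def authn_flags(url):
    """Report ForceAuthn and IsPassive; both count as false when absent."""
    root = ET.fromstring(decode_redirect_request(url))
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return {
        "ForceAuthn": root.get("ForceAuthn", "false") in TRUE_FORMS,
        "IsPassive": root.get("IsPassive", "false") in TRUE_FORMS,
    }


def build_sample_url(force, passive):
    """Constructed sample: a minimal AuthnRequest sent to a placeholder IdP."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_example1" Version="2.0" '
           'IssueInstant="2024-01-01T00:00:00Z" ForceAuthn="%s" IsPassive="%s"/>'
           % (SAMLP_NS, force, passive)).encode()
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example.com/sso?" + query


if __name__ == "__main__":
    print(authn_flags(build_sample_url("false", "false")))
    print(authn_flags(build_sample_url("true", "true")))
```

Pass `authn_flags` the redirect URL captured from the browser's network trace when the SP sends the user to the IdP.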