Hi,
SP is including forceauthn=true in request to NAM IDP, no problem that works as expected when NAM is doing the authentication using local contracts.
But customer also using external IDP configured for authentication and then forceauth first works in the sense that NAM is forcing users to select a authetication method.
But if users already is authenticated to external IDP the will get SSO there even if forceauthn was true in initial authnrequest.
I understand that I can enable forceauthn in external IDP configuration, but that will remove sso from all SP using that external IDP and there is only a few that don't want sso to happen.
Is there a way to configure NAM to add forceauthn=true if that is included in initial request?
/Lennart