firebase-js-sdk icon indicating copy to clipboard operation
firebase-js-sdk copied to clipboard
verified publisher icon firebase

FR: Support for ForceAuthn flag in the SAML AuthnRequest

Open krymen opened this issue 5 years ago • 10 comments

[REQUIRED] Describe your environment

  • Operating System version: macOS 10.15.7
  • Browser version: Chrome 86.0.4240.111
  • Firebase SDK version: 7.21.1
  • Firebase Product: auth

[REQUIRED] Describe the problem

We want to be able to pass ForceAuthn as an attribute for the AuthnRequest when signing in users with SAML (https://cloud.google.com/identity-platform/docs/web/saml). The goal is to notify the IdP to not use any previous security context when authenticating the user.

As per https://wiki.shibboleth.net/confluence/display/SP3/ForceAuthn:

SAML includes an optional feature during login requests called ForceAuthn that acts as a signal to the Identity Provider to require some form of user interaction during the course of handling the request, overriding the usual implicit assumption that it's acceptable to reuse authentication state from an earlier request (i.e., Single Sign-On).

krymen avatar Oct 30 '20 13:10 krymen

Hey there! I've filed b/172259671 to track this feature request internally :)

malcolmdeck avatar Nov 02 '20 19:11 malcolmdeck

any updates on this issue? 🙇 it doesn't seem possible to force user account selection / re-consent for SAMLAuthProvider at the moment (as you can with google / oauth prompt: select_account custom parameter)

paulyoung5 avatar Dec 16 '21 14:12 paulyoung5

Any update here? Would love to be able to force account selection with SAML providers.

cdgco avatar Dec 26 '22 02:12 cdgco

Thanks for reporting this. Please plus one if you need this feature, which will help us prioritizing.

renkelvin avatar Dec 28 '22 18:12 renkelvin

Hi - this is very important to us as an organization. Is there any update on this issue? How can this be prioritized? This issue is three years old by now. Very frustrated. @renkelvin

marcwsnc avatar Jul 20 '23 21:07 marcwsnc

This feature is greatly desired for my organization as well - we're working with some IdP's that have long-lived security contexts and it would be essential to force reauthentication for SAML providers.

antarticuno avatar Jul 28 '23 15:07 antarticuno

Is there any update on this issue? It is causing some significant issues for our organization and clients.

simon-perez-crio avatar Aug 15 '23 17:08 simon-perez-crio

This problem is very confusing for our users.

wieringen avatar Sep 14 '23 07:09 wieringen

Any news on this? The issue has been open for nearly 3.5 years now.

Stofkat avatar Jan 25 '24 10:01 Stofkat

Any updates on this?

stnrd avatar Jan 26 '24 09:01 stnrd