
I've implemented Identity Server 3 with SAML based on this example: https://github.com/Sustainsys/Saml2/tree/master/Samples/SampleIdentityServer3

Everything is working, but the SAML Identity Provider (DigiD) requires reauthentication. This is done by sending the SAML AuthnRequest again.

Does anyone know how the SAML AuthnRequest can be sent again from Identity Server 3? I've tried to use refresh tokens, but this doesn't seem to trigger another SAML AuthnRequest.


1 Answer


There are two parts required here:

  1. Get IdentityServer3 to initiate another authentication request with the Sustainsys.SAML2 module.
  2. Optionally set the ForceAuthn flag in the created AuthnRequest to the SAML2 IdP, to instruct it to actually reauthenticate and not rely on an existing session (don't remember if the library supports it).
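As an added illustration of the second part (this is not code from the question, the answer, or the Sustainsys sample), the following OWIN configuration hooks the `AuthenticationRequestCreated` notification of `Sustainsys.Saml2.Owin` and sets `ForceAuthentication` on every outgoing AuthnRequest, which is what makes the IdP ignore its existing session. It assumes the `Saml2AuthenticationOptions(bool)` constructor, the `Notifications.AuthenticationRequestCreated` callback and the `Saml2AuthenticationRequest.ForceAuthentication` property exist as named; `spOptions`, `idp` and the `"saml2"` scheme name are placeholders for the values already used in the caller's IdentityServer3 setup.

```csharp
using System;
using Owin;
using Sustainsys.Saml2;
using Sustainsys.Saml2.Configuration;
using Sustainsys.Saml2.Owin;
using Sustainsys.Saml2.Saml2P;

public static class Saml2ForceAuthnConfig
{
    // Builds the Sustainsys.Saml2 OWIN options so that every AuthnRequest
    // carries ForceAuthn="true". Assumed API names are noted in the lead-in.
    public static Saml2AuthenticationOptions Create(SPOptions spOptions, IdentityProvider idp)
    {
        // false: do not read <sustainsys.saml2> from web.config, configure in code instead.
        var options = new Saml2AuthenticationOptions(false)
        {
            SPOptions = spOptions,
            AuthenticationType = "saml2",   // scheme name IdentityServer3 refers to as the external IdP
            Caption = "DigiD"
        };
        options.IdentityProviders.Add(idp);

        // Part 2 of the answer: mark the request so the IdP must re-authenticate
        // the user rather than silently reuse its own session.
        options.Notifications.AuthenticationRequestCreated = (request, provider, relayData) =>
        {
            request.ForceAuthentication = true;
        };

        return options;
    }

    // Part 1 of the answer is driven by the relying party: sending the user back
    // through IdentityServer3's authorize endpoint with prompt=login and
    // acr_values=idp:saml2 makes IdentityServer3 challenge the external scheme
    // again, at which point the notification above runs and a fresh AuthnRequest
    // is created. Refresh tokens never re-enter the interactive flow, which is why
    // they do not trigger a new AuthnRequest.
    public static void Register(IAppBuilder app, SPOptions spOptions, IdentityProvider idp)
    {
        app.UseSaml2Authentication(Create(spOptions, idp));
    }
}
```

Verifying the result is straightforward from the SP side: decode the `SAMLRequest` query parameter on the redirect to the IdP and confirm the `<samlp:AuthnRequest>` element carries `ForceAuthn="true"`; an IdP that still returns an assertion without a new login is then not honouring the flag.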