What do I have right now?
I have a working SP-initiated flow where users can authenticate against their IDP. If they return after some time and click on the SP-initiated authentication link, the IDP lets them bypass entering credentials.
Question
- Why does the IDP decide to allow the user to skip entering credentials? I have discovered that if I delete my cookies, this does not happen. Is this then an IDP-set cookie and an IDP-controlled session? Can I control this via the SAML Request?
- Can I force the IDP to always ask for credentials by setting a FOO SAML Request flag? Is this even possible?