Hello @Adel Akilo,
Thank you for posting your query on Microsoft Q&A.
Based on your description, it seems that you want users to be prompted to re-authenticate when accessing your SAML application, either by modifying the SAML request or by enforcing PasswordProtectedTransport. Currently, users are being asked to select their username but are not being prompted for a password due to SSO.
It's important to note that the PasswordProtectedTransport AuthnContextClassRef won't force re-authentication; it only indicates the method through which the user authenticated. For more details, please refer to the document on RequestedAuthnContext.
If your main goal is to require users to re-authenticate when accessing your application, even if they have an active session with Entra ID, this can only be achieved by setting the ForceAuthn parameter to True.
You need to make this change in the AuthnRequest or SAML request sent by your service provider (application). A sample SAML 2.0 AuthnRequest might look like this:
<samlp:AuthnRequest
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    ID="C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w"
    Version="2.0"
    IssueInstant="2024-08-28T01:08:04.612Z"
    IsPassive="false"
    AssertionConsumerServiceURL="https://sptest.iamshowcase.com/acs"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ForceAuthn="false">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">IAMShowcase</Issuer>
</samlp:AuthnRequest>
In your request, set the ForceAuthn parameter to True instead of False. This way, when users attempt to access the application, they will be required to re-authenticate even if they have a valid, active session with Entra ID.
You should contact your application service provider to request that they change the ForceAuthn parameter to True in the SAML request.
I hope this information is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Thanks,
Raja Pothuraju.
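Added example, not part of the original answer: one way to confirm that the service provider really sends ForceAuthn after the change is to decode the SAMLRequest parameter from a captured HTTP-Redirect URL and read the flag. The helper names and the `idp.example.test` endpoint are assumptions for illustration; the request is the sample from the answer.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
IDP_SSO_URL = "https://idp.example.test/saml2"  # placeholder, not a real endpoint
# Constructed sample: the AuthnRequest shown in the answer, unchanged.
SAMPLE_REQUEST = (
    '<samlp:AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'ID="C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w" Version="2.0" '
    'IssueInstant="2024-08-28T01:08:04.612Z" IsPassive="false" '
    'AssertionConsumerServiceURL="https://sptest.iamshowcase.com/acs" '
    'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ForceAuthn="false">'
    '<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">IAMShowcase</Issuer>'
    '</samlp:AuthnRequest>'
)

def encode_redirect(xml_text, sso_url=IDP_SSO_URL):
    """Build an HTTP-Redirect binding URL: raw DEFLATE, base64, URL-encode."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = deflater.compress(xml_text.encode("utf-8")) + deflater.flush()
    return sso_url + "?" + urlencode({"SAMLRequest": base64.b64encode(raw).decode()})

def decode_redirect(url):
    """Recover the AuthnRequest XML from a captured redirect URL."""
    param = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(param), -15).decode("utf-8")

def auth_flags(xml_text):
    """Return the ForceAuthn and IsPassive flags of an AuthnRequest."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    # xs:boolean: only "true" or "1" mean set; an absent attribute means false.
    return {n: root.get(n, "false") in ("true", "1")
            for n in ("ForceAuthn", "IsPassive")}

def with_force_authn(xml_text):
    """Return the request with ForceAuthn="true" (must happen before signing)."""
    root = ET.fromstring(xml_text)
    root.set("ForceAuthn", "true")
    return ET.tostring(root, encoding="unicode")
```

Running `auth_flags(decode_redirect(url))` on a URL captured from the browser's network trace shows what the application actually sent, independent of what its configuration screen claims.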