
I'm using ADFS as an STS to access an external SAML IdP, and I need to force authentication to happen in certain use cases. This seems to be possible only through a modified IdpInitiatedSignOnPage, as suggested in

AD FS 2.0 Sign-In Pages Customization Overview (http://msdn.microsoft.com/en-us/library/ee895361.aspx)

SignOnRequestParameters parameters = new SignOnRequestParameters();

// Require the user to authenticate.
parameters.ForceAuthentication = true;

My question is, how do I get this to work when using WS-Federation? Specifying wfresh="0" seems to have no effect at all. What am I missing? Is this use case even supported?


1 Answer


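This question is a bit confusing: you ask about SAML, but then use wfresh, which only applies to WS-Federation.

The SAML equivalent, IIRC, is ForceAuthentication.

Have you tried setting the freshness option in the federatedAuthentication section of web.config?

Answered 2014-01-13T20:58:18.603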
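
Whichever way the freshness request is sent (wfresh on the sign-in URL or the freshness option in web.config), the relying party can tell whether a re-authentication actually took place by comparing the token's authentication instant with the current time. The following is an added example, not code from the question or the answer; it assumes the issued token carries the standard authentication-instant claim, and the `FreshnessCheck` class and the `MaxAge` and `Skew` values are hypothetical.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;

public static class FreshnessCheck
{
    // Hypothetical policy values: tune to the sensitivity of the action.
    static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(5);
    static readonly TimeSpan Skew = TimeSpan.FromMinutes(1);

    // True only if the principal carries an authentication instant that is
    // no older than maxAge. Missing or malformed values fail closed.
    public static bool IsFresh(ClaimsPrincipal user, TimeSpan maxAge, DateTime utcNow)
    {
        Claim claim = user.FindFirst(ClaimTypes.AuthenticationInstant);
        if (claim == null) return false;

        DateTime instant;
        if (!DateTime.TryParse(claim.Value, CultureInfo.InvariantCulture,
                DateTimeStyles.AdjustToUniversal | DateTimeStyles.AssumeUniversal,
                out instant))
            return false;

        TimeSpan age = utcNow - instant;
        // Reject stale logins, and instants further in the future than the allowed skew.
        return age <= maxAge && age >= -Skew;
    }

    // Builds a principal with a constructed authentication-instant claim.
    static ClaimsPrincipal Login(string instant)
    {
        var id = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.AuthenticationInstant, instant) }, "Federation");
        return new ClaimsPrincipal(id);
    }

    public static void Main()
    {
        // Constructed clock and sample values, so the run is repeatable.
        DateTime now = new DateTime(2020, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        Console.WriteLine(IsFresh(Login("2020-01-01T11:58:00.000Z"), MaxAge, now)); // re-authenticated
        Console.WriteLine(IsFresh(Login("2020-01-01T08:00:00.000Z"), MaxAge, now)); // SSO session reused
        Console.WriteLine(IsFresh(Login("not-a-date"), MaxAge, now));               // malformed claim
        Console.WriteLine(IsFresh(new ClaimsPrincipal(new ClaimsIdentity()), MaxAge, now)); // no claim
    }
}
```

In a real relying party, `IsFresh` would be called with the current principal and `DateTime.UtcNow` before the sensitive action; if it returns false, the user is sent back to the STS with the freshness request.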