    SAML Force ReAuth

    • jeffmetal

      Just set up Xen Orchestra and configured auth-saml to authenticate against Azure/Entra. If I have already authenticated against Azure in another browser tab then I'm auto logged into XO. Some services allow for forced reauthentication on each login.

      It appears you are using this library, https://github.com/node-saml/passport-saml, for SAML 2.0, and it does support this feature, which is called forceAuthn. Would it be possible to add another toggle, like "Don't request an authentication context", that switches this feature on or off?

      forceAuthn: if set to true, the initial SAML request from the service provider specifies that the IdP should force re-authentication of the user, even if they possess a valid session.
      
      • olivierlambert Vates 🪐 Co-Founder CEO

        That's possible but you'll have to test it if we add it, because we have zero way to test that 🙂

        Pinging @julien-f

        • jeffmetal @olivierlambert

          @olivierlambert More than happy to test it.

          From what I understand this feature is actually optional in the SAML standard, so a fair few providers do not support it and just ignore it. Might confuse a few people when it does nothing for their IdP. Definitely works for Entra though.

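Added example (not part of the thread, and not Xen Orchestra or passport-saml code): since an IdP may ignore the flag, a service provider can confirm that re-authentication really happened by comparing the assertion's `AuthnInstant` with the time the `ForceAuthn="true"` request was sent. The function names, URLs and sample assertions are constructed for illustration, and the assertion XML is assumed to have already passed signature validation in the SAML library.

```javascript
'use strict';

// Escape values placed into XML attributes or text.
const esc = (s) => String(s).replace(/[<>&"']/g, (c) => `&#${c.charCodeAt(0)};`);

// What forceAuthn: true changes on the wire: the ForceAuthn attribute on the AuthnRequest.
function buildAuthnRequest({ id, issuer, destination, issueInstant, forceAuthn }) {
  const force = forceAuthn ? ' ForceAuthn="true"' : '';
  return (
    `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"` +
    ` xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="${esc(id)}" Version="2.0"` +
    ` IssueInstant="${esc(issueInstant)}" Destination="${esc(destination)}"${force}>` +
    `<saml:Issuer>${esc(issuer)}</saml:Issuer></samlp:AuthnRequest>`
  );
}

// Decide whether the IdP really re-authenticated the user for this request.
// assertionXml must already be signature-validated; the regex only reads the
// AuthnInstant attribute and is not a substitute for the library's XML handling.
function wasReauthenticated(assertionXml, requestSentAt, skewMs = 60_000) {
  const re = /<(?:\w+:)?AuthnStatement\b[^>]*\bAuthnInstant="([^"]+)"/g;
  const instants = [...assertionXml.matchAll(re)].map((m) => Date.parse(m[1]));
  if (instants.length === 0 || instants.some(Number.isNaN)) {
    return { ok: false, reason: 'no usable AuthnInstant' };
  }
  // Conservative: every AuthnStatement must be at least as new as the request.
  if (Math.min(...instants) < requestSentAt.getTime() - skewMs) {
    return { ok: false, reason: 'AuthnInstant predates request: existing IdP session was reused' };
  }
  return { ok: true, reason: 'fresh authentication' };
}

// Constructed sample data (not captured from a real IdP).
const REQUEST_SENT = new Date('2024-05-01T10:00:00Z');
const REUSED_SESSION = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' +
  '<saml:AuthnStatement AuthnInstant="2024-05-01T08:12:30Z" SessionIndex="_s1"/></saml:Assertion>';
const FRESH_LOGIN = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' +
  '<saml:AuthnStatement AuthnInstant="2024-05-01T10:00:21Z" SessionIndex="_s2"/></saml:Assertion>';

console.log(wasReauthenticated(REUSED_SESSION, REQUEST_SENT));
console.log(wasReauthenticated(FRESH_LOGIN, REQUEST_SENT));
```

Run against a test login where an IdP session already exists in another tab: a rejected result means the IdP ignored the flag.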
          • julien-f Vates 🪐 Co-Founder XO Team @jeffmetal

            @jeffmetal Please test the saml-forceAuthn branch and keep me posted 🙂

            • julien-f Vates 🪐 Co-Founder XO Team @julien-f

              @jeffmetal Will you be able to test it this week? 🙂

              • jeffmetal @julien-f

                @julien-f Just looking at testing this now, will let you know once it's set up.

                • julien-f Vates 🪐 Co-Founder XO Team @jeffmetal

                  @jeffmetal Thank you!

                  • danielspahiu

                    @julien-f @jeffmetal I tested this and all seems to be working

                    • julien-f Vates 🪐 Co-Founder XO Team @danielspahiu

                      @danielspahiu Thank you! ❤
