Tags: adfs2.0, spring-saml

How can I force spring-saml-extension to re-authenticate every time?


I recently ran successfully the spring-saml-sample working with ADFS 2.0.

However, I noticed that ADFS only asks me once for my user/pass, and then I can enter as many times as I want, but always with the same user (even when I did a global logout).

It seems there is a cookie or something stored locally that is sent to ADFS.

What if I want to authenticate with a different user on the same machine? How can I configure the SAML extension in order to force authentication again?


Solution

  • SAML contains a mechanism for forcing the IdP to re-authenticate the user, called forced authentication. You can enable it by setting the flag forceAuthn in WebSSOProfileOptions to true. You can find more details on setting this in the Spring SAML manual, chapter 9.2.1.
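The following Java configuration is an added example, not code from the question, the answer or the spring-saml-sample itself. It shows how the forceAuthn flag from the answer is wired into the SAMLEntryPoint that builds every AuthnRequest: the SAMLEntryPoint and WebSSOProfileOptions classes and their setters are Spring SAML's own, while the class name SamlForceAuthnConfig and the bean names are assumptions chosen for this example.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.saml.SAMLEntryPoint;
import org.springframework.security.saml.websso.WebSSOProfileOptions;

// Example configuration (not part of spring-saml-sample); the class and bean
// names are assumptions, the Spring SAML types and setters are real.
@Configuration
public class SamlForceAuthnConfig {

    // Options applied to every AuthnRequest the SP sends to ADFS.
    @Bean
    public WebSSOProfileOptions defaultWebSSOProfileOptions() {
        WebSSOProfileOptions options = new WebSSOProfileOptions();
        // ADFS 2.0 does not accept the Scoping element, so the sample's
        // ADFS setup disables it; kept here so the request still validates.
        options.setIncludeScoping(false);
        // Emit ForceAuthn="true" on the AuthnRequest: the IdP must
        // re-authenticate the user instead of reusing its SSO session cookie.
        options.setForceAuthn(true);
        return options;
    }

    // Entry point that initiates SSO; it uses the options above by default.
    @Bean
    public SAMLEntryPoint samlEntryPoint() {
        SAMLEntryPoint entryPoint = new SAMLEntryPoint();
        entryPoint.setDefaultProfileOptions(defaultWebSSOProfileOptions());
        return entryPoint;
    }
}
```

In the sample's XML configuration the same setting is the `forceAuthn` property of the `WebSSOProfileOptions` bean nested in the `defaultProfileOptions` property of `SAMLEntryPoint`. To confirm it is taking effect, capture the redirect to ADFS with a browser SAML tracer and check that the decoded `AuthnRequest` element carries `ForceAuthn="true"`. One caveat: if ADFS authenticates intranet browsers with Windows Integrated Authentication, the forced re-authentication happens silently as the already logged-on Windows user, so switching users still requires a forms-based login (or a different Windows session).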