I have a use case forced upon me by industry regulation. I wish it wasn't there, but it is.
A user logs in to my service, navigates around, etc. The user can perform many actions, but one of the actions requires (by industry regulation) that the user re-enter the username and password prior to continuing. It does not matter if the user logged in 5 seconds beforehand. In order to complete this action, the user must re-enter the username and password.
We are looking to integrate with another company, using SAML to power SSO and Federated IDs. Is there a way for us to tell the IdP to re-authenticate the user, even if the user is already authenticated?
Thanks,
Alan