41
<AuthnRequest
xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
ForceAuthn="true"
ProviderName="CarRentalInc.com"
ID="abe567de6"
Version="2.0"
IssueInstant="2005-01-31T11:58:00Z"
Destination="https://www.AirlineInc.com">
<Subject
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<NameID
Format="urn:oasis:names:tc:1.1:nameid-format:emailAddress">
j.doe@acompany.com
</NameID>
</Subject>
</AuthnRequest>
IdP,
please authenticate the subject
again, i.e., don't return an
assertion from a prior authentication.
Note: this attribute defaults to
false.
Setting
ForceAuthn="true" is analogous to telling a Web cache to go back to the originating server, i.e., don't return a cached document.