Hi all, When there is an already authenticated session for an application user with Identity Server, there is no necessity to prompt for another login to the IS if the user logs into the application from another tab in the same browser. However we can change the service providers authentication scheme (authentication steps and authenticators in each step) while the user has this session. In this case, if the user tries to log into the application he is not prompted for re-authentication. This is the default behavior of IS. Shouldn't we prompt the user to authenticate if the service provider's authentication scheme is modified or is this an intended behavior?
Appreciate your thoughts on this. Thanks, Sathya -- Sathya Bandara Software Engineer WSO2 Inc. http://wso2.com Mobile: (+94) 715 360 421 <+94%2071%20411%205032> <+94%2071%20411%205032>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
