SAML: use ForceAuthn option

modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm

@@ -805,8 +805,14 @@ sub extractFormInfo {
     $self->{_idp} = $idp;
     my $IDPentityID = $self->{_idpList}->{$idp}->{entityID};
 
+    # IDP Options
+    my $forceAuthn =
+      $self->{samlIDPMetaDataOptions}->{$idp}
+      ->{samlIDPMetaDataOptionsForceAuthn};
+
     # Create SSO request
-    $login = $self->createAuthnRequest( $server, $IDPentityID, $method );
+    $login =
+      $self->createAuthnRequest( $server, $IDPentityID, $method, $forceAuthn );
 
     unless ($login) {
         $self->lmLog( "Could not create authentication request on $IDPentityID",

modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm

@@ -211,14 +211,15 @@ sub getOrganizationName {
     return $data->{OrganizationName}->{content};
 }
 
-## @method Lasso::Login createAuthnRequest(Lasso::Server server, string idp, int method)
+## @method Lasso::Login createAuthnRequest(Lasso::Server server, string idp, int method, boolean forceAuthn)
 # Create authentication request for selected IDP
 # @param server Lasso::Server object
 # @param entityID IDP entityID
 # @param method HTTP method
+# @param forceAuthn force authentication on IDP
 # @return Lasso::Login object
 sub createAuthnRequest {
-    my ( $self, $server, $idp, $method ) = splice @_;
+    my ( $self, $server, $idp, $method, $forceAuthn ) = splice @_;
 
     # Create Lasso Login
     my $login = $self->createLogin($server);
@@ -250,6 +251,10 @@ sub createAuthnRequest {
     $request->NameIDPolicy()
       ->Format(Lasso::Constants::SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT);
     $request->NameIDPolicy()->AllowCreate(1);
+    if ($forceAuthn) {
+        $self->lmLog( "Force authentication on IDP", 'debug' );
+        $request->ForceAuthn(1);
+    }
 
     # Build authentication request
     unless ( $self->buildAuthnRequestMsg($login) ) {