I'm using ComponentSpace in a C# API, which interfaces with an Angular app.

Everything is working beautifully in most circumstances. However, when I log in person A, and then log out of the application (but they remain logged in with the SSO provider), then try to log in person B using the same SSO provider, I'm not given the opportunity to log in with SSO because person A is still logged in via SSO. Then my app recognizes this and provides an error and nobody is logged in. This is not ideal for us; we would prefer for person B to be logged in as desired.

We have tried sending in the Requested username, but it is totally ignored (in this case by PingOne) if a user is already logged in on their end. With Active Directory we get an error when trying to send that information. We have also tried using forceAuthn, which does nothing at all with PingOne, though I haven't tried it with Active Directory.

This is how we send in the requested username and ForceAuthn:

SAMLServiceProvider.InitiateSSO(response, relay, config.entityId, new SSOOptions
{
    RequestedUserName = username,
    ForceAuthn = true
});

We would have expected that we would get an opportunity to switch to the provided user or at least a generic switch user page.
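An added example, not part of the original question and not ComponentSpace code: a small C# helper that decodes a captured `SAMLRequest` value and reports whether `ForceAuthn` and a requested subject are actually on the wire, which separates "the SP is not sending it" from "the IdP is ignoring it". It assumes the HTTP-Redirect binding (raw DEFLATE, then base64) and that `RequestedUserName` is carried as the `saml:Subject` `NameID`; the class name and the sample request are constructed for illustration.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Xml.Linq;

public static class AuthnRequestInspector
{
    static readonly XNamespace Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Input: the SAMLRequest query parameter, already URL-decoded.
    public static XDocument Decode(string samlRequest)
    {
        using (var input = new MemoryStream(Convert.FromBase64String(samlRequest)))
        using (var inflate = new DeflateStream(input, CompressionMode.Decompress))
        using (var reader = new StreamReader(inflate, Encoding.UTF8))
            return XDocument.Parse(reader.ReadToEnd());
    }

    // Returns what the IdP was actually asked for; NameId is null if no Subject was sent.
    public static (bool ForceAuthn, string NameId) Inspect(XDocument doc)
    {
        XElement req = doc.Root;
        if (req.Name != Samlp + "AuthnRequest")
            throw new InvalidDataException("Not a SAML 2.0 AuthnRequest");
        string force = (string)req.Attribute("ForceAuthn"); // xs:boolean: "true" or "1"
        string nameId = (string)req.Element(Saml + "Subject")?.Element(Saml + "NameID");
        return (force == "true" || force == "1", nameId);
    }

    // Only used to build the constructed sample below.
    static string Encode(string xml)
    {
        var output = new MemoryStream();
        using (var deflate = new DeflateStream(output, CompressionMode.Compress, true))
        {
            byte[] bytes = Encoding.UTF8.GetBytes(xml);
            deflate.Write(bytes, 0, bytes.Length);
        }
        return Convert.ToBase64String(output.ToArray());
    }

    public static void Main()
    {
        // Constructed sample request, not captured from a real SP.
        string xml = "<samlp:AuthnRequest xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' "
            + "xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' ID='_constructed1' Version='2.0' "
            + "IssueInstant='2024-01-01T00:00:00Z' ForceAuthn='true'><saml:Subject>"
            + "<saml:NameID>personB@example.test</saml:NameID></saml:Subject></samlp:AuthnRequest>";
        var result = Inspect(Decode(Encode(xml)));
        Console.WriteLine($"ForceAuthn={result.ForceAuthn} NameID={result.NameId}");
    }
}
```

If the SP uses the HTTP-POST binding instead, the value is base64 only, so skip the `DeflateStream` step.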
