Question

Ministerio de Justicia
ES
Last activity: 29 Sep 2025 13:35 EDT
How to check user identity after SAML SSO authentication
We configured SSO in our Pega app using a SAML Authentication Service. Users log in by providing a personal certificate or a password. Once authenticated, somewhere in the business process (due to security requirements) we need to ask the user for credentials again in order to validate them against the IdP (the same one used in SSO). Our doubt is how we could manage this with Pega. We are on Pega Infinity '24.2.2.
Our requirement is quite the same as this:
Invoke SAML post SSO as a step up authentication | Support Center
Our First Approach
The IdP team provided us with a new federation for (something like) a re-authentication. So, we configured a second SAML Authentication Service pointing to the new IdP metadata. We configured a button to call the new SAML Auth. Service to validate the identity. The result is that the user is not asked to introduce a certificate or password again. Instead, the user gets into the app with no extra validation. Is there a way we could force this second call to the SAML Auth. Service?