Testing an external IdP we were advised to explicitly add ForceAuth and isPassive attributes to the Authentication request. These are not in the request issued by PicketLInk based on the picketlink.xml
Some configurable attributes are in there like AssertionConsumerServiceURL, Destination, but how can isPassive and AuthnRequest be set to false explicitly?