The forceAuth=true query parameter forces the user to authenticate, even if the user currently has a valid session. (forceAuth=false is the default, but it is not explicitly appended to the URL.) forceAuth is useful in the following cases:
If a user is authenticated with http://OpenSSO-machine-name.domain:port/opensso/UI/Login?module=LDAP and accesses that URL again, the user is not prompted to authenticate. However, if the user is authenticated with http://OpenSSO-machine-name.domain:port/opensso/UI/Login?module=LDAP and accesses http://OpenSSO-machine-name.domain:port/opensso/UI/Login?module=LDAP&forceAuth=true, the user is prompted to authenticate again. If authentication is successful, the existing session token is updated accordingly. If authentication fails, the existing session token is still valid but it is not updated.
If a user is authenticated with http://OpenSSO-machine-name.domain:port/opensso/UI/Login?module=LDAP and accesses http://OpenSSO-machine-name.domain:port/opensso/UI/Login?module=DataStore (forceAuth=true is not appended to the URL), the user is prompted to authenticate again using the Data Store authentication module. After successfully authenticating to the second module, OpenSSO Enterprise creates a new session token, and copies the properties from the old session before destroying it. However, if the user is authenticated with http://OpenSSO-machine-name.domain:port/opensso/UI/Login?module=LDAP and accesses http://OpenSSO-machine-name.domain:port/opensso/UI/Login?module=DataStore&forceAuth=true (forceAuth=true is appended to the URL), the user is prompted to authenticate again but, after successfully authenticating using Data Store, the existing session token is updated.
See Upgrading Sessions for more information.
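
The four cases above, modelled as a small session store. This is an added example, not OpenSSO Enterprise code: the SessionStore class, the reauths counter (standing in for "the token is updated") and the host sso.example.com are constructed, and the failed re-authentication rule is assumed to apply to the module switch without forceAuth as well.

```python
import secrets
from urllib.parse import urlparse, parse_qs

# Constructed host; the page uses OpenSSO-machine-name.domain:port as a placeholder.
BASE = "http://sso.example.com:8080/opensso/UI/Login"

class SessionStore:
    """Toy model of the session handling described above (not OpenSSO code)."""

    def __init__(self):
        self.sessions = {}  # token id -> {"module", "props", "reauths"}

    def _create(self, module, props=None):
        token = secrets.token_hex(8)
        self.sessions[token] = {"module": module, "props": dict(props or {}), "reauths": 0}
        return token

    def login(self, url, token=None, credentials_ok=True):
        """Handle a request to a Login URL; return (prompted, token_after)."""
        query = parse_qs(urlparse(url).query)
        module = query.get("module", [None])[0]
        force = query.get("forceAuth", ["false"])[0].lower() == "true"
        current = self.sessions.get(token)

        if current is None:  # no valid session: ordinary first login
            return True, (self._create(module) if credentials_ok else None)
        if module == current["module"] and not force:
            return False, token  # valid session, same module: no prompt
        if not credentials_ok:
            # Stated on the page for forceAuth=true; assumed here for the
            # module switch without forceAuth as well.
            return True, token  # old token still valid, not updated
        if force:
            # Existing token is updated in place. What "updated" covers is not
            # spelled out on the page; module and a counter stand in for it.
            current["module"] = module
            current["reauths"] += 1
            return True, token
        # Different module, no forceAuth: new token, properties copied,
        # old session destroyed.
        new_token = self._create(module, current["props"])
        del self.sessions[token]
        return True, new_token
```

The token identifier changes only in the module switch without forceAuth, so anything keyed on the old token must expect it to disappear in that case.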