We implemented a policy backed identity provider that uses a policy fragment with a bunch of authentication logic, such as updating number of failed login attempts.
The backing policy is not executed at every request if the call to Authenticate Against Identity Provider assertion is done within a short period of time (~ 30 seconds).
There seems to be some caching of the authentication result going on, that causes the Identity Provider to return without executing the backing policy.
I can't see that in any settings or documentation.
Can anybody confirm this and advice how to make it execute the policy for every request?
(We could course could skip the use of an IP, but it would be nice to have)