diff --git a/library/EngineBlock/Corto/Module/Service/SingleSignOn.php b/library/EngineBlock/Corto/Module/Service/SingleSignOn.php
index 4fb613b26..06ee58ce8 100644
--- a/library/EngineBlock/Corto/Module/Service/SingleSignOn.php
+++ b/library/EngineBlock/Corto/Module/Service/SingleSignOn.php
@@ -375,6 +375,7 @@ protected function _createDebugRequest()
 $issuer = new Issuer();
 $issuer->setValue($this->_server->getUrl('spMetadataService'));
 $sspRequest->setIssuer($issuer);
+ $sspRequest->setForceAuthn(true);
 $request = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($sspRequest);
 $request->setDebug();
diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Debug.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Debug.feature
index 729be043b..d26e1e45c 100644
--- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Debug.feature
+++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Debug.feature
@@ -29,3 +29,9 @@ Feature:
 And I should see "test"
 And I should see "urn:mace:terena.org:attribute-def:schacHomeOrganization"
 And I should see "engine-test-stand.openconext.org"
+
+ Scenario: A debug AuthnRequest should force the user to relogin
+ When I go to Engineblock URL "/authentication/sp/debug"
+ And I select "Second-IdP" on the WAYF
+ And I pass through EngineBlock
+ Then the received AuthnRequest should match xpath '/samlp:AuthnRequest[@ForceAuthn="true"]'
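Review bot: The added `$sspRequest->setForceAuthn(true);` in `_createDebugRequest()` (SingleSignOn.php) has no comment saying why debug requests must force re-authentication, and `ForceAuthn` is only a request to the IdP, so the flag alone does not prove that a fresh login took place. I would add a comment above the call, e.g. `// Debug flow: ask the IdP to re-authenticate instead of reusing an existing SSO session.` If the debug page is meant to show the result of a fresh authentication, it is worth confirming that the response's `AuthnInstant` is recent rather than relying on the request flag; whether the response handling already does this cannot be seen from this hunk. The function body starts and ends outside the hunk.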