ComponentSpace

Forums



SSO without redirection


SSO without redirection

Author
Message
Natasha
Natasha
New Member
New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)New Member (9 reputation)

Group: Forum Members
Posts: 3, Visits: 4
How can we implement SSO using SAML2.0 without redirection? Are there any low level APIs in component space that can we used to post username/password to the IDP and get SAML assertion as response.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
This isn't supported by the SAML specification.
To achieve SAML SSO, the service provider must redirect to the identity provider. This is done by sending a SAML authn request either using an HTTP Redirect or HTTP Post (via the browser).
The SAML authn request may include the user's name and we support sending this but many identity providers don't support receiving the user name and will ignore it.
You cannot send the user's password for security reasons.
Login must occur at the identity provider site.
This isn't a limitation in our product but rather good security practice imposed by the SAML specification. 

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 1 query. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search