Is there a way a service provider (sp2) would know that the idp has already established an active login session with another sp (sp1)? I am trying to avoid the additional step of a user clicking a "signin" link on sp2 to actually sign in (granted that behind the scenes, a request is being sent to the idp, a SAML POST response happens, a session is created on sp2, and the user does not have to enter his credentials again). Is this possible?
A page on sp2 which is behind a login will, when accessed, create the session anyway as it will call the idp, but what if the user lands on a page that is not behind a login? I still want him to see the message "welcome johndoe" instead of "welcome Guest, Please login" if a login session has already been created at the idp.