SSOOptions for InitiateSSO - suppress basic AUTH popup with request URL

SSOOptions for InitiateSSO - suppress basic AUTH popup with request...

Author	Message
mlam	mlam Posted Last Year #11602
New Member Group: Forum Members Posts: 18, Visits: 46	Hi We used to suppress basic auth popup (SP-initiated) with request URL looking like this: // Ensure the SAML configuration is loaded. SAMLController.Initialize(); var singleSignOnServiceUrl = "https://username:password@idp.example.com/"; SSOOptions sSOOptions = new SSOOptions(); sSOOptions.RequestedUserName = uid; SAMLServiceProvider.InitiateSSO(Response, stateRelay, returnUrl, sSOOptions, null, singleSignOnServiceUrl); This option is deprecated. And it is not secure. They suggest using the credentials in the Authorization header instead. But, all details are going to the handler by InitiateSSO. May I know how to achieve this?
	Reply
ComponentSpace	ComponentSpace Posted Last Year #11605
ComponentSpace Development Group: Administrators Posts: 2.9K, Visits: 9.6K	The SAML specification doesn't support a mechanism for passing a password from the SP to the IdP. It does support passing an optional user name (ie the ssoOptions.RequestedUserName) but not all IdPs support this. If you were to somehow pass the user's password to the IdP, this would have to be a proprietary mechanism and you would need to think very carefully about the security implications. It's not something we recommend doing and I'm surprised it's supported by the IdP. Regards ComponentSpace Development
	Reply

Existing Account
Email Address: Password: Reset Your Password Remember Me	Social Logins