We used to suppress basic auth popup (SP-initiated) with request URL looking like this:
// Ensure the SAML configuration is loaded.
var singleSignOnServiceUrl = "https://username:firstname.lastname@example.org/";
SSOOptions sSOOptions = new SSOOptions();
sSOOptions.RequestedUserName = uid;
SAMLServiceProvider.InitiateSSO(Response, stateRelay, returnUrl, sSOOptions, null, singleSignOnServiceUrl);
This option is deprecated. And it is not secure. They suggest using the credentials in the Authorization header instead. But, all details are going to the handler by InitiateSSO. May I know how to achieve this?