Hi
We used to suppress basic auth popup (SP-initiated) with request URL looking like this:
// Ensure the SAML configuration is loaded. SAMLController.Initialize(); var singleSignOnServiceUrl = "https://username:password@idp.example.com/";
SSOOptions sSOOptions = new SSOOptions(); sSOOptions.RequestedUserName = uid;
SAMLServiceProvider.InitiateSSO(Response, stateRelay, returnUrl, sSOOptions, null, singleSignOnServiceUrl);
This option is deprecated. And it is not secure. They suggest using the credentials in the Authorization header instead. But, all details are going to the handler by InitiateSSO. May I know how to achieve this?
|