ComponentSpace

Forums



multiple service providers and sso without needing to click a signin link


multiple service providers and sso without needing to click a signin...

Author
Message
[email protected]
mbonthu@acep.org
New Member
New Member (31 reputation)New Member (31 reputation)New Member (31 reputation)New Member (31 reputation)New Member (31 reputation)New Member (31 reputation)New Member (31 reputation)New Member (31 reputation)New Member (31 reputation)

Group: Forum Members
Posts: 22, Visits: 63
Is there a way service provider (sp2) would know that the idp has already established an active login session with another sp (sp1)? I am trying to avoid the additional step of a user clicking "signin" link on the sp2 to acutally signin ( Granted that behind the scenes, a request is being sent to idp and a SAML POst response happens and a session is created on sp2 and the user does not have to enter his credentials again). Is this possible?

A page on a sp2 which is behind a login when accessed will create the session anyway as it will call the idp, but what if the user lands on a page that is not behind a login. I still want him to see the message welcome johndoe, instead of welcome Guest, Please login if a login session has already been created at the idp.

Tags
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The SAML specification doesn't define a mechanism for the SP to know if an active login session exists with another SP.
The normal way to handle login at the SP is to use the standard ASP.NET authorization mechanism you would use if the user had to login locally at the SP. So, configure pages that are only accessible to authorized users and also configure a login page.
Instead of the login page prompting for the user's credentials and validating them, it would call SAMLServiceProvider.InitiateSSO to initiate SSO to the IdP.
This is how the high-level API ExampleServiceProvider project works. It's login page includes a link that must be clicked to initiate SSO but in a production environment you most likely wouldn't have this link and SSO would be initiated automatically.
If the user isn't logged in at the IdP then they'll be prompted to do so. If the user is already logged in at the IdP then no prompting is required and SSO completes without any user intervention.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 1 query. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search