Question about Unsolicited SSO and "idp.session.enabled = false"
Peter.Smith at UTSouthwestern.edu
Tue Mar 6 11:22:10 EST 2018
Is it possible to have an IDP set to disable the IdP session layer but yet have (only) Unsolicited SSO respect previous established sessions?
We've disabled the IdP session layer for security reasons and have an application which creates Unsolicited SSO URLs--opening each URL in a browser (or application) requires a new session / login regardless of any previous session / login or access. Is there any way around this?
It may be that the only way around this is to force the application vendor SP to support handling the sessions and abandon Unsolicited SSO (apparently something they don't support currently.)
The future of medicine, today.
More information about the users