Auto-detect and forward to IDP?
Peter Schober
peter.schober at univie.ac.at
Thu Dec 12 12:48:39 EST 2019
* Jason B. Rappaport <jasonrap at princeton.edu> [2019-12-12 14:30]:
> What we would like to do on initial login is have the SP present two IDP to
> select from; i.e. a chooser. The user would then select, and the SP would
> send them to the appropriate IDP and the behavior described above would
> proceed. The issue we are running into, is when sites B and C load, is they
> are going to the chooser and not loading the content as described above when
> we have a single IDP in the mix. So the question is, is it possible for the
> SP to detect what IDP was selected initially so that all subsequent requests
> from site B and C are directed to the IDP selected?
The "chooser" (IDP Discovery Service) may also have that ability,
leaving the above flow in place (i.e., access to sites B and C would
still up beint sent to the "chooser") but making it
transparent/automatic to continue on to the IDP.
That has its own drawback as it then becomes hard/impossible to ever
chose a different IDP, which begs the question why have that chooser
in the first place if your browser is then "locked" to a certain IDP.
-peter
More information about the users
mailing list