Automatic logon using Windows AD credential without having to re-enter username and password at IdP

Peter Schober peter.schober at
Wed Jun 24 15:42:11 UTC 2020

* Prashanth Patali <patali at> [2020-06-24 17:32]:
> When the user navigates to my application URL, the browser properly
> redirects to IdP and is presented with a username and password
> screen.

This pretty clearly shows that it's the IDP that should be doing
something differently (SPNEGO, instead of forms-based authn), no?

With SAML WebSSO as the protocol between the SP and the IDP the SP
sends the browser on to the IDP (with optional signalling about authn
methods, but mentioning that will probably only add confusion
here). How the IDP performs authentication is then up to the IDP.

Probably the browsers are not set up for SPNEGO with the IDP, or
something along those lines. Basically the SP is the only part that
has no role here, it's all between the web browser and the IDP.
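
One way to check which side of the browser-to-IDP exchange is falling back to the login form, as an added example that is not part of the original post: it classifies a captured sequence of requests to the IDP under the HTTP Negotiate scheme (RFC 4559). The function names, result labels and sample exchanges are constructed for illustration.

```python
import base64

def classify_token(b64_token):
    """Classify the token from an 'Authorization: Negotiate <token>' header."""
    raw = base64.b64decode(b64_token)
    if raw.startswith(b"NTLMSSP\x00"):
        return "ntlm"      # raw NTLM message: no Kerberos ticket was obtained
    if raw[:1] == b"\x60":
        return "gssapi"    # ASN.1 [APPLICATION 0]: GSS-API initial context token
    return "unknown"

def offers_negotiate(status, resp_headers):
    """True if the response is a 401 that offers the Negotiate scheme."""
    offers = resp_headers.get("www-authenticate", "").lower().split(",")
    return status == 401 and any(o.strip().split(" ")[0] == "negotiate" for o in offers)

def diagnose(exchange):
    """exchange: ordered (request_headers, status, response_headers) tuples for
    requests sent to the IDP, with header names already lower-cased."""
    challenged = False
    for req, status, resp in exchange:
        scheme, _, token = req.get("authorization", "").partition(" ")
        if challenged and scheme.lower() == "negotiate" and token.strip():
            kind = classify_token(token.strip())
            return {"ntlm": "ntlm-fallback",
                    "gssapi": "spnego-token-sent"}.get(kind, "unrecognised-token")
        if offers_negotiate(status, resp):
            challenged = True
    # No Negotiate token ever reached the IDP.
    return "browser-ignored-challenge" if challenged else "idp-did-not-offer-spnego"

# Constructed sample exchanges (not captured from any real deployment).
HTML = {"content-type": "text/html"}
CHALLENGE = ({}, 401, {"www-authenticate": "Negotiate"})
NTLM_TOKEN = base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()
# Truncated GSS-API header carrying the SPNEGO OID 1.3.6.1.5.5.2
GSS_TOKEN = base64.b64encode(b"\x60\x82\x05\x00\x06\x06\x2b\x06\x01\x05\x05\x02").decode()

FORM_ONLY = [({}, 200, HTML)]
IGNORED = [CHALLENGE, ({}, 200, HTML)]
NTLM = [CHALLENGE, ({"authorization": "Negotiate " + NTLM_TOKEN}, 401, HTML)]
SPNEGO = [CHALLENGE, ({"authorization": "Negotiate " + GSS_TOKEN}, 200, HTML)]

if __name__ == "__main__":
    for name, ex in [("form only", FORM_ONLY), ("ignored", IGNORED),
                     ("ntlm", NTLM), ("spnego", SPNEGO)]:
        print(f"{name:10s} -> {diagnose(ex)}")
```
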

