Automatic logon using Windows AD credential without having to re-enter username and password at IdP
Peter Schober
peter.schober at univie.ac.at
Wed Jun 24 15:42:11 UTC 2020
* Prashanth Patali <patali at gmail.com> [2020-06-24 17:32]:
> When the user navigates to my application URL, the browser properly
> redirects to IdP and is presented with a username and password
> screen.
This pretty clearly shows that it's the IDP that should be doing
something differently (SPNEGO, instead of forms-based authn), no?
With SAML WebSSO as the protocol between the SP and the IDP the SP
sends the browser on to the IDP (with optional signalling about authn
methods, but mentioning that will probably only add confusion
here). How the IDP performs authentication is then up the IDP.
Probably the brwosers are not set up for SPNEGO with the IDP, or
something along those lines. Basically the SP is the only part that
has no role here, it's all between the web browser and the IDP.
-peter
More information about the users
mailing list