IsPassive=true in AuthnRequest to Azure when no session exists
Cantor, Scott
cantor.2 at osu.edu
Wed Sep 1 13:33:53 UTC 2021
The IdP can't prevent an SP (Moodle) from asking for IsPassive (or the CAS equivalent) and it's necessary to prevent improper outcomes that it be honored. Passive for example can make things like AJAX/SSO work more effectively, where there's no UI.
If passive flags are used, they should only happen invisibly without a user ever having to do anything. The user should be seeing some flashing, but nothing more. You would generally never do a passive login request in response to user input, it's just a silly thing to do for obvious reasons.
-- Scott
More information about the users
mailing list