IsPassive=true in AuthnRequest to Azure when no session exists

Cantor, Scott cantor.2 at
Wed Sep 1 13:33:53 UTC 2021

The IdP can't prevent an SP (Moodle) from asking for IsPassive (or the CAS equivalent) and it's necessary to prevent improper outcomes that it be honored. Passive for example can make things like AJAX/SSO work more effectively, where there's no UI.

If passive flags are used, they should only happen invisibly without a user ever having to do anything. The user should be seeing some flashing, but nothing more. You would generally never do a passive login request in response to user input, it's just a silly thing to do for obvious reasons.

-- Scott

More information about the users mailing list