Hi,
I tried the given example for ASP .Net and your APIs work fantastic.
While trying the given example for ASP.Net , I observe that, in case of SP initiated SSO, it shows ADFS page where user have to enter his credentials.
Is there any way we can hide this redirection or do not show this ADFS page and user gets signed in silently?
What I am expecting is:
1. User enters credentials
2. It goes to ADFS silently without showing ADFS page to user.
3. User gets validated and signed in to service provider’s site
I do not want to show user the ADFS page to enter credentials.
Thanks,
Lokesh
Hi Lokesh
The SAML specification doesn’t support the user credentials being entered at the service provider site. The user must be authenticated at the identity provider and, for user name/password authentication, these are entered at the identity provider. The SAML specification has no mechanism to transport the user credentials from the service provider to the identity provider.
Part of the rationale for this is that there are security implications if the user were to enter their credentials at the service provider. It’s far more secure if the credentials are entered at the site to which they belong.
If the ADFS identity provider and the service provider are part of the same organization and users are logged into the AD domain, you do have the option of using Integrated Windows Authnentication (IWA). This would mean that the user wouldn’t be prompted to login at ADFS as they’re already logged into the AD domain.