I have authenticated from IDP and stored the SAML response in session in SP.
If I close the browser and i open another browser, can i access the same session stored in IDP.
Just like google, even if i close the browser, with out asking credentials we can directly access the google applications.
Please help me out
We use a session cookie to access the SAML session state.
If the browser is closed the cookie is lost.
You would need to use a persistent cookie to ensure it existed over browser invocations.
Currently this isn’t supported.
Will the IdP and SP authentication cookies be persistent?
If they’re not, I’m not sure if there’s an advantage in using a persistent cookie for the SAML session.
If they are, initiating SSO again won’t prompt the user to re-authenticate and so should appear seamless to the user.
[quote][/quote]
We use a session cookie to access the SAML session state.
If the browser is closed the cookie is lost.
You would need to use a persistent cookie to ensure it existed over browser invocations.
Currently this isn't supported.
Will the IdP and SP authentication cookies be persistent?
If they're not, I'm not sure if there's an advantage in using a persistent cookie for the SAML session.
If they are, initiating SSO again won't prompt the user to re-authenticate and so should appear seamless to the user.
If the browser is closed the cookie is lost.
You would need to use a persistent cookie to ensure it existed over browser invocations.
Currently this isn't supported.
Will the IdP and SP authentication cookies be persistent?
If they're not, I'm not sure if there's an advantage in using a persistent cookie for the SAML session.
If they are, initiating SSO again won't prompt the user to re-authenticate and so should appear seamless to the user.
If I store SAML Sesion in Peristent cookie in both IDP and SP, will InitiateSSO gives response back to the same user with out asking login credentials?
The SAML session cookie maintains SAML session state associated with the SAML protocol.
This is not the same as the authentication cookies used by the identity provider and service provider sites.
If the SAML session cookie were persistent the user would still be prompted to login as this is controlled by the IdP and/or SP applications.
Instead, either the IdP and/or SP would have to use persistent cookies.
[quote][/quote]
The SAML session cookie maintains SAML session state associated with the SAML protocol.
This is not the same as the authentication cookies used by the identity provider and service provider sites.
If the SAML session cookie were persistent the user would still be prompted to login as this is controlled by the IdP and/or SP applications.
Instead, either the IdP and/or SP would have to use persistent cookies.
This is not the same as the authentication cookies used by the identity provider and service provider sites.
If the SAML session cookie were persistent the user would still be prompted to login as this is controlled by the IdP and/or SP applications.
Instead, either the IdP and/or SP would have to use persistent cookies.
If Persistent Cookie is maintained in Service Provider, Iam checking whether SAML Session exists in IDP or not for every request , then how Service provider will get to know the same session exists in Identity provider.
My Scenario:
After authenticating from IDP , storing session values and stored the saml response in cookies, If i close the browser and launch the URL again, Iam checking the session exists or not in IDP, for now it is returning false and again asking for credentials.
For me , Unless I click logout on Service provider, IDP should not ask for credentials, even if i close the browser and re-open it?
What are the scenarios I need to handle this?
This is controlled by the IdP. If the user opens a new browser session and the IdP doesn’t persist the cookie the user will have to login again.