I have set up the samples and have succesfully started an SSO session using the MvcExampleServiceProvider and the MvcExampleIdentityProvider.
However, when I try to simulate another application by using a different browser (chrome versus firefox for example), then I have to log in again though I still have an active session in the first browser.
My goal is to use SP-instantiated SSO.
Somehow it seems that a session cookie is preserved within the browser. Another browser obviously does not have this session and will make me log in again.
Am I missing something? The point maybe, or some settings?
Your answer in http://www.componentspace.com/Forums/1903/SSO-across-cross-domain-web-applications makes me think SSO should be possible in the way I describe, though your scenario is slightly different.
SAML SSO doesn’t directly establish authentication cookies within applications. It simply means that the user only has to login at the identity provider site and not the service provider sites. The only difference between SSO and traditional login is the mechanism for authenticating the user. After that the same approach applies within the application for tracking authenticated users (ie typically an authentication cookie that isn’t shared between browsers).
Our SAML API reflects this with a call to SAMLServiceProvider.ReceiveSSO in the service provider application returning the user information supplied by the identity provider. It’s up to the application to make use of this information and typically create an authentication session cookie.