Description

"Multi SSO" (Single Sign-On) implies that the user signs on once with the Identity Provider and is then automatically logged in to other applications, such as our platform.

Why do users need to log in again although they have already authenticated within their Windows operating system session?


Release or Environment

Any

Instructions

Our solution is delegated authentication relying on SAML. This lets a third party, an IDP (identity provider), authenticate users on behalf of the instance and then redirect the user back to the instance.

However, because this works beyond an intranet, with a remote Identity Provider (IDP) that is reached across the internet using SAML rather than one set up within the internal network, the user still has to log in and authenticate every time the SSO session with that IDP expires.

A typical Windows environment within an intranet is a different scenario: a user logs in to their Windows operating system once, and the other applications set up in their OS are able to re-use the NTLM credentials (Windows Integrated Authentication). As long as the applications are set up to use SSO, the user never has to log in again for as long as their Windows session is active.

It is therefore expected behavior for the user to be prompted with an SSO page when both the platform session and the IDP session have expired.

One workaround is to increase the session timeout both within the platform and on the remote IDP server.


Article Information

Last Updated: 2020-07-15 15:35:29
Published: 2020-07-15