Transparent SSO with SAML (IE, SAML 2.0, ADFS, Kerberos authentication)

YMC · Feb 7, 2012

Configuration is: ADFS 2.0 as IdP (both WS-Federation and SAML 2.0 are supported), ASP.NET app as Service Provider. When SPS requests ADFS with the WS-Federation standard (WIF used), it lets me log in to ADFS automatically with no login pop-up window even if a new session is started, so the Kerberos token does its job well, as expected. However, in the case of SAML 2.0 (the ComponentSpace.SAML.2 lib is used), every time I open IE9 and am redirected to ADFS, I'm asked to enter my Windows domain credentials in a standard small pop-up login window. Is there any SAML 2.0 parameter or other technique that lets me get rid of this window, like in the WS-Fed case? Thanks

Answer

Luis dB · Sep 14, 2012

adfsserver.us.mycompanyname.com/adfs/ls is in the Internet zone and the automatic login will not happen.

adfsserver/adfs/ls is in your Intranet zone in IE and will log in automatically.

You could add adfsserver.us.mycompanyname.com to your trusted (or Intranet zone) sites list and you should not be prompted for credentials.
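
The zone assignment the answer describes can also be made per user in the registry rather than through the IE sites dialog, and the zone's logon setting can be checked at the same time. The PowerShell below is an added example, not part of the original answer; the host name is the one from the answer, and treating the last two labels as the domain is an assumption that does not hold for suffixes such as co.uk.

```powershell
# Added example: map one ADFS host into IE's Local Intranet zone for the
# current user, then report that zone's logon behaviour.
param([string]$AdfsHost = 'adfsserver.us.mycompanyname.com')  # host from the answer

$inet   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$labels = $AdfsHost.Split('.')
if ($labels.Count -lt 3) { throw "Expected an FQDN with at least three labels: $AdfsHost" }

# ZoneMap stores sites as Domains\<domain>\<subdomain>, one DWORD value per scheme.
# Assumption: the domain is the last two labels of the host name.
$domain  = $labels[-2..-1] -join '.'
$sub     = $labels[0..($labels.Count - 3)] -join '.'
$siteKey = Join-Path $inet "ZoneMap\Domains\$domain\$sub"

# Create the key only if it is missing, so existing scheme values are preserved.
if (-not (Test-Path $siteKey)) { New-Item -Path $siteKey -Force | Out-Null }

# Zone 1 = Local Intranet. Only https on this exact host is mapped, so the
# browser does not send Windows credentials automatically to sibling hosts
# or over plain http.
New-ItemProperty -Path $siteKey -Name 'https' -Value 1 -PropertyType DWord -Force | Out-Null

# Zone setting 1A00 controls logon behaviour for the zone.
$zoneKey = Join-Path $inet 'Zones\1'
$logon   = (Get-ItemProperty -Path $zoneKey -Name '1A00' -ErrorAction SilentlyContinue).'1A00'
$meanings = @{
    0x00000 = 'automatic logon with current user name and password'
    0x10000 = 'prompt for user name and password'
    0x20000 = 'automatic logon only in Intranet zone'
    0x30000 = 'anonymous logon'
}
$meaning = if ($null -ne $logon -and $meanings.ContainsKey([int]$logon)) {
    $meanings[[int]$logon]
} else {
    'not set for this user (machine or policy default applies)'
}

[pscustomobject]@{
    Site         = "https://$AdfsHost"
    Zone         = (Get-ItemProperty -Path $siteKey -Name 'https').https
    LogonSetting = $meaning
}
```

If the site list is managed by Group Policy, the per-user mapping written here is ignored and the host has to be added to the policy's site-to-zone assignment list instead.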