
Fiori SSO with ADFS using SAML2 - Browser behaviour

Former Member
0 Kudos

Hi Friends,

A quick question on the SSO of Fiori with ADFS using SAML2. We configured everything by the book and now users can log in to Fiori systems using their AD credentials. So the SSO is working fine, but I have a question regarding this solution.

Once the users close the browser on the desktop and use the Fiori launchpad URL again, they are redirected to the ADFS page. However, with SSO I was under the assumption that if less than 8 hrs have passed, the users should be logged in automatically even if they close the browser. Is this the standard behavior? How is the concept of SSO justified in this case?

Accepted Solutions (1)

Colt
Active Contributor
0 Kudos

Dear Santosh,

The behavior you've described is correct: due to the nature of SAML2.0 (SP-initiated SSO), the user has to authenticate against your IdP (ADFS). Depending on the configuration, this could be a normal basic authentication using AD credentials or SSO via NTLM or, better, Kerberos/SPNEGO. So please check the SSO and user session lifetime settings on your IdP.

Windows mainly leverages Kerberos for SSO. Once a user is authenticated (logon to PC), his ticket (TGT) stays valid for 10h by default, thus the user (browser) is able to request a service ticket (ST) for the IdP from the KDC without re-authentication and to SSO against it.

Regards,

Carsten
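
One way to check the IdP settings the accepted answer refers to, as an added example that is not part of the original thread. It assumes AD FS on Windows Server 2016 or later and an elevated PowerShell session on an AD FS server; the function name `Get-AdfsSsoSummary` is hypothetical.

```powershell
# Added example (not from the thread). Assumes the ADFS PowerShell module
# that ships with the AD FS role on Windows Server 2016 or later.
Import-Module ADFS

function Get-AdfsSsoSummary {
    $p   = Get-AdfsProperties
    $pol = Get-AdfsGlobalAuthenticationPolicy

    # Is Windows Integrated Authentication (Kerberos/NTLM) offered to intranet clients?
    $wia = $pol.PrimaryIntranetAuthenticationProvider -contains 'WindowsAuthentication'

    # What a user should expect after closing and reopening the browser.
    $hint = if ($wia) {
        'WIA offered on intranet: a browser listed in WiaUserAgents and trusting the ' +
        'AD FS host can re-authenticate silently with a Kerberos service ticket.'
    } elseif ($p.PersistentSsoEnabled -or $p.KmsiEnabled) {
        'No WIA: only a persistent SSO cookie (registered device or "Keep me signed in") ' +
        'survives a browser restart.'
    } else {
        'No WIA and no persistent cookie: the SSO session cookie ends with the browser, ' +
        'so the AD FS sign-in page is shown again.'
    }

    [pscustomobject]@{
        SsoLifetimeMins           = $p.SsoLifetime               # SSO session cookie lifetime, minutes
        PersistentSsoEnabled      = $p.PersistentSsoEnabled      # persistent cookie for registered devices
        PersistentSsoLifetimeMins = $p.PersistentSsoLifetimeMins
        KmsiEnabled               = $p.KmsiEnabled               # "Keep me signed in" on the forms page
        KmsiLifetimeMins          = $p.KmsiLifetimeMins
        WiaOnIntranet             = $wia
        WiaUserAgents             = $p.WIASupportedUserAgents -join '; '
        AfterBrowserRestart       = $hint
    }
}

Get-AdfsSsoSummary | Format-List

# On the user's workstation (not the AD FS server), list the cached Kerberos
# tickets and their end times to confirm the TGT is still valid:
#   klist
```
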

Answers (0)