
Fiori SSO with ADFS using SAML2 - Browser behaviour

Feb 06, 2017 at 05:20 AM


Hi Friends,

A quick question on SSO for Fiori with ADFS using SAML2. We configured everything by the book, and now users can log in to Fiori systems using their AD credentials. So the SSO is working fine, but I have a question regarding this solution.

Once the users close the browser on the desktop and use the Fiori launchpad URL again, they are redirected to the ADFS page. However, with SSO I was under the assumption that if less than 8 hrs have passed, the users should be logged in automatically even if they close the browser. Is this the standard behavior? How is the concept of SSO justified in this case?


1 Answer

Best Answer
Carsten Olt Feb 19, 2017 at 09:15 AM

Dear Santosh,

The behavior you've described is correct. Due to the nature of SAML 2.0 (SP-initiated SSO), the user has to authenticate against your IdP (ADFS). Depending on the configuration, this could be a normal basic authentication using AD credentials, or SSO via NTLM or, better, Kerberos/SPNEGO. So please check the SSO and user session lifetime settings on your IdP.

Windows mainly leverages Kerberos for SSO. Once a user is authenticated (logon to PC), his ticket (TGT) stays valid for 10h by default; thus the user (browser) is able to request a service ticket (ST) for the IdP from the KDC without re-authentication and to SSO against it.

Regards,

Carsten
