Former Member

Fiori SSO with ADFS using SAML2 - Browser behaviour

Hi Friends,

A quick question on the SSO of Fiori with ADFS using SAML2. We configured everything by the book and now users can log in to Fiori systems using their AD credentials. So the SSO is working fine, but I have a question regarding this solution.

Once the users close the browser on the desktop and use the Fiori launchpad URL again, they are redirected to the ADFS page. However, with SSO I was under the assumption that if less than 8 hrs have passed, the users should be logged in automatically even if they close the browser. Is this the standard behavior? How is the concept of SSO justified in this case?


1 Answer

  • Best Answer
    Feb 19, 2017 at 09:15 AM

    Dear Santosh,

    The behavior you've described is correct. Due to the nature of SAML 2.0 (SP-initiated SSO), the user has to authenticate against your IdP (ADFS). Depending on the configuration, this could be a normal basic authentication using AD credentials or SSO via NTLM or, better, Kerberos/SPNEGO. So please check the SSO and user session lifetime settings on your IdP.

    Windows mainly leverages Kerberos for SSO. Once a user is authenticated (logon to PC), his ticket (TGT) stays valid for 10h by default, thus the user (browser) is able to request a service ticket (ST) for the IdP from the KDC without re-authentication and to SSO against it.

    Regards,

    Carsten

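The IdP-side check the answer recommends, as an added example that is not part of the original thread: it reads the AD FS SSO cookie lifetimes and reports whether Windows Integrated Authentication (Kerberos/NTLM) is offered to a given browser. It assumes AD FS on Windows Server 2012 R2 or later with the ADFS PowerShell module; the function name `Get-AdfsSsoBehaviour` and the sample User-Agent are constructed for illustration.

```powershell
# Added example, not from the thread. Run elevated on the primary AD FS server.
# Assumes AD FS on Windows Server 2012 R2 or later (ADFS PowerShell module).
Import-Module ADFS

function Get-AdfsSsoBehaviour {   # hypothetical helper name
    param(
        # Constructed sample User-Agent; replace with the one your browser sends.
        [string]$UserAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/56.0 Safari/537.36'
    )

    $props  = Get-AdfsProperties
    $policy = Get-AdfsGlobalAuthenticationPolicy

    # AD FS only offers Windows Integrated Authentication to browsers whose
    # User-Agent contains one of the WIASupportedUserAgents strings.
    # Simple substring check that approximates that matching.
    $wiaAgent = $false
    foreach ($agent in $props.WIASupportedUserAgents) {
        if ($UserAgent.Contains($agent)) { $wiaAgent = $true; break }
    }

    # WIA must also be a primary authentication method for intranet clients.
    $wiaIntranet = $policy.PrimaryIntranetAuthenticationProvider -contains 'WindowsAuthentication'

    [pscustomobject]@{
        # Lifetime of the AD FS SSO cookie in minutes (480 = 8 hours).
        SsoLifetimeMinutes        = $props.SsoLifetime
        # Persistent cookies are issued to registered devices only.
        PersistentSsoEnabled      = $props.PersistentSsoEnabled
        PersistentSsoLifetimeMins = $props.PersistentSsoLifetimeMins
        # "Keep me signed in" gives other devices a persistent cookie.
        KmsiEnabled               = $props.KmsiEnabled
        KmsiLifetimeMins          = $props.KmsiLifetimeMins
        WiaEnabledForIntranet     = $wiaIntranet
        WiaOfferedToThisBrowser   = $wiaAgent
        # Necessary, not sufficient: the browser must also treat the AD FS
        # host as an intranet/trusted site before it sends a Kerberos ticket.
        WiaPossibleForThisBrowser = ($wiaIntranet -and $wiaAgent)
    }
}

Get-AdfsSsoBehaviour | Format-List
```

When `KmsiEnabled` is `False` and the device is not registered, the AD FS SSO cookie is a session cookie and is discarded when the browser closes, so a later redirect to AD FS is only transparent to the user if Windows Integrated Authentication applies.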