* gioh...@hotmail.it <gioh...@hotmail.it> [2016-08-22 15:17]:
> This system is not very nice because you see a redirect in the
> browser's address bar, from and to the IDP.
That's because you're disrupting people's workflow by sending
authentication requests to the IDP (with isPassive set, but as you've
seen that's not without side-effects). So if it hurts, stop doing it.
There's no special API defined solely for this purpose, so the
SAML-defined protocols and bindings apply just the same here.
> Also this operation has to be repeated at every point in the web
> application where I have to check if you are still logged in,
> because the logout or login can take place either from domainone or
> domaintwo
Why care at all about the IDP session in the application protected by
an SP?
> Is there a method, such as SOAP requests, to avoid these redirects?
You can stop sending additional authn requests (with isPassive set),
though, that will avoid those disrupting redirects.
> I use this middleware in Laravel controller to verify if user is
> authenticated.
I don't know why you're doing what you're doing (obviously, as you
didn't say) but your application should only be concerned with a valid
SP session (not the IDP's), as that's where the attributes come
from. And unless you're trying to deploy SLO you wouldn't even need
the SP's session/data after creating an application session from
it. Just load the data from the SP into your application (at session
creation time), persist it if/as needed, and only care about the
application's own session from then on.
-peter
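
The session handling described in the reply above, sketched as a Laravel middleware. This is an added example, not part of the original message and not code from either poster. It assumes the SP module in front of the application exports the authenticated subject as the `REMOTE_USER` server variable and a `mail` attribute as a server variable; the `mail` attribute name, the `app_user` session key, the `/sp-login` path and the class name are hypothetical.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class EnsureAppSession
{
    // Hypothetical placeholder: whatever URL starts a normal (non-passive)
    // login at the SP and sends the user back afterwards.
    private const SP_LOGIN_URL = '/sp-login';

    public function handle(Request $request, Closure $next)
    {
        $session = $request->session();

        // Normal case: the application's own session exists. Nothing is
        // sent to the IDP and the SP data is not consulted again.
        if ($session->has('app_user')) {
            return $next($request);
        }

        // No application session yet. Read what the SP exported for this
        // request. server() reads server variables; client-supplied HTTP
        // headers appear there only under an HTTP_ prefix, so a forged
        // "REMOTE_USER" request header is not picked up here.
        $subject = $request->server('REMOTE_USER');
        if (!is_string($subject) || $subject === '') {
            // No SP session either: one ordinary login, no isPassive probe.
            return redirect(self::SP_LOGIN_URL);
        }

        // Session creation time: new session ID (prevents fixation), then
        // copy only the attributes the application needs.
        $session->regenerate();
        $session->put('app_user', [
            'subject' => $subject,
            'mail'    => $request->server('mail'), // assumed attribute name
            'created' => time(),
        ]);

        return $next($request);
    }
}
```

The application session's lifetime is then governed by Laravel's own session configuration, independently of the IDP session.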