No. The whole point of separating these functions is that the SP does
not ever see the user's password.
If that is what you want, why bother with SAML in the first place?
Just perform the authentication in your application and be done with
it.
-peter
Once authenticated to your simpleSAMLphp IdP, your users will be
accepted at any SP that has knowledge of the metadata of your IdP. This
means that you'll get SSO after one(!) visit to the IdP.
The redirection bit of your question doesn't make much sense to me, but
if you fear the users' response to the fact that they get redirected, why
not just place a web page in between the web app (secured by the SP)
and the point of authentication, telling the user what's going ...
If it's just cosmetics, I'd live with it if I were you ;) -Two or more
different sites (SP and IdP) all secured by trusted SSL certificates
should not alarm your users either ...
-Søren
On 29/06/11 13.51, Maxime BUISSON wrote:
> I want a SSO for several websites, but I would like that the user
> doesn't see the redirection.
> Is it not possible?
>
> On 29 June, 13:31, Søren Grønning Iversen <s.groen...@gmail.com>
> wrote:
>> Hi,
>>
>> I'm not sure what you wish to achieve - if you get redirected to your
>> IdP at login and thereafter redirected to the SP, which allows you
>> access, why would you need a login at the SP?
>>
>> It /could/ of course be a question of separate login pages for different
>> SPs, but since I have no idea as to what reasons you have for this,
>> I'd stick to the SP -> IdP -> SP flow :)
>>
>> /Søren
No. But you could design things so that it won't be noticed, e.g. by
having your IdP on the same vhost as your SP, and design your URL
space and HTML templates so that it closely matches your SP.
Then the redirect will only be from /some-application to /your-idp
for example.
Of course this won't work for other, actually federated SPs, esp if
you can't guarantee the order where people start their sessions.
So it all depends on your use-case.
-peter