0 Replies Latest reply on Apr 17, 2017 6:11 AM by Nuno Antunes

    PicketLink SAML: disabling SP-initiated SSO

    Nuno Antunes Newbie

      Hi all,


      I'm trying to provide SAML authentication in an already existing app.


      During a POC, I was able to implement the quickstart "picketlink-federation-saml-sp-with-metadata" sucessfully, using an external public IDP, ssocircle.com. Both scenarios, SP-initiated SSO and IDP-initiated SSO are working fine.


      Unfortunately, in the real case scenario we will only need the IDP-initiated SSO, so, if a user acesses the SP directly, a local form authentication should be presented without any interaction with an IDP. In this case I have two login-modules, one is SAML2LoginModule and the other is a custom LdapExtLoginModule.


      Is there any way to "disable" the SP-initiated SSO to achieve this scenario using PicketLink SAML?


      Can someone help me?