Hi all,

I'm trying to provide SAML authentication in an already existing app.

During a POC, I was able to implement the quickstart "picketlink-federation-saml-sp-with-metadata" sucessfully, using an external public IDP, ssocircle.com. Both scenarios, SP-initiated SSO and IDP-initiated SSO are working fine.

Unfortunately, in the real case scenario we will only need the IDP-initiated SSO, so, if a user acesses the SP directly, a local form authentication should be presented without any interaction with an IDP. In this case I have two login-modules, one is SAML2LoginModule and the other is a custom LdapExtLoginModule.

Is there any way to "disable" the SP-initiated SSO to achieve this scenario using PicketLink SAML?

Can someone help me?

Thanks!