I’m trying to implement SSO between a custom app and Microsoft 365 so that when users hit any link to Teams or SharePoint Online in the Liferay app, ADFS doesn't ask for credentials. Context:
- ADFS is owned by the corporate global IT team, and changing its IdP role for the AAD/M365 environment is not feasible. Also, the “Custom SSO provider” cannot replace ADFS, as it doesn’t have Windows credentials SSO (not all app users have corporate devices).
- On a user’s initial access to the “Custom App”, they should be presented with a selection of the company’s two already available IdPs (distribution screen for SMS / certificate). These are connected to neither ADFS nor AAD.
Omitting the fact that the IdP situation is far from ideal and that SSO requires a single IdP:
Is it possible to create a trust between ADFS and the “Custom SSO provider” so that if the SAML request is initiated in Liferay, ADFS redirects the user to the “Custom SSO provider” distribution page? This should not change the AAD/M365 SAML flow, which should still end in the LDAP credentials screen.
Is there any way/trick to propagate the user sign-in action from the “Custom SSO provider” to the company ADFS?