I am creating a service provider which talks to a third-party IdP for authentication. But I have a concern: I have a set of dedicated machines (desktop, tab) which are highly trusted, so is there a way in SAML that, when a request is sent from such machines, the user is directly authenticated without the need to type a username and password?
1 Answer
You want a user who tries to access a resource from his desktop (which is trusted) to be automatically authenticated? If this is the case, it seems that you need to identify the user using Active Directory or something.
If this is the case, search a bit about Kerberos or ADFS - it might serve your needs.

OhadR
- So, as I wrote - ADFS / Kerberos might be the answer. – OhadR Jan 30 '14 at 08:54
- Is it possible to send a SAML assertion directly from that machine? – Phalguni Mukherjee Jan 30 '14 at 09:31
- From my experience, if you try to bend the protocol, you will pay for it one day. In cash. – OhadR Jan 30 '14 at 09:46