Haufe-Lexware / wicked.haufe.io

An API Management system based on Mashape Kong
http://wicked.haufe.io

Better support for prompt=none with external IdPs #194

Closed DonMartin76 closed 5 years ago

DonMartin76 commented 5 years ago

Right now, the wicked Auth Server does not even try to do a headless authentication with external identity providers if it does not have a session with the user agent. In some cases, identity providers do support "remember me" kind of features, or very long-lived sessions, which allow a user to automatically log in even if there is no session anymore.

Google is such an example, and also many other OAuth2 identity providers. Also SAML2 supports "isPassive" mode for headless authentication.

It should be possible for wicked's Authorization Server, if it receives an authorization request with prompt=none set, to delegate the non-interactive login attempt to other identity providers, even if it does not have a session with the user agent.

- Google: Supports prompt=none
- SAML2: Supports something similar, isPassive mode
- Other OAuth2 providers may also support "prompt=none" mode
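
The delegation requested in the issue above, sketched for an OAuth2/OIDC upstream as an added example; it is not wicked's code and not part of the original comment. All names (`buildUpstreamRequest`, `handleUpstreamCallback`, the `idp` fields, the pending-state map) are hypothetical, and mapping unrecognised upstream errors to `server_error` is a choice made here.

```javascript
// Added example with hypothetical names; not wicked's implementation.
// OIDC Core error codes that mean "cannot finish without showing UI".
const NON_INTERACTIVE_ERRORS = new Set([
  'login_required', 'interaction_required',
  'consent_required', 'account_selection_required',
]);

// Step 1: prompt=none arrived and there is no local session. Forward the
// silent attempt to the upstream IdP instead of failing right away.
// Assumes clientReq.redirect_uri was already checked against the client
// registration, and upstreamState comes from a CSPRNG.
function buildUpstreamRequest(idp, clientReq, upstreamState) {
  const url = new URL(idp.authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: idp.clientId,
    redirect_uri: idp.callbackUri,
    scope: idp.scope,
    state: upstreamState,
    prompt: 'none', // the upstream IdP must not render a login page
  }).toString();
  // Stored server side under upstreamState until the IdP calls back.
  const pending = { redirectUri: clientReq.redirect_uri, state: clientReq.state };
  return { location: url.toString(), pending };
}

// Step 2: the upstream IdP called back with either ?code= or ?error=.
function handleUpstreamCallback(query, pendingByState) {
  const pending = pendingByState.get(query.state);
  // Unknown or replayed state: answer locally, never redirect anywhere.
  if (!pending) return { action: 'reject', status: 400 };
  pendingByState.delete(query.state); // single use
  if (!query.error && query.code) {
    // Silent login worked: caller redeems the code upstream, then issues its own.
    return { action: 'exchange_code', code: query.code, pending };
  }
  // Honour the prompt=none contract: report the failure to the client
  // rather than falling back to an interactive login.
  const back = new URL(pending.redirectUri);
  const known = NON_INTERACTIVE_ERRORS.has(query.error);
  back.searchParams.set('error', known ? query.error : 'server_error');
  if (pending.state) back.searchParams.set('state', pending.state);
  return { action: 'redirect', location: back.toString() };
}
```

The state lookup is what keeps the callback from being turned into an open redirect: only a `redirect_uri` stored in step 1 is ever used, and each state value is accepted once.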

DonMartin76 commented 5 years ago

Implemented for: