Single Sign-On (SSO) allows users to authenticate once and access multiple resources without being prompted for additional credentials. This article describes the default AD FS behavior for SSO, as well as the configuration settings that allow you to customize this behavior.

Supported types of Single Sign-On

AD FS supports several types of Single Sign-On experiences:

Session SSO cookies are written for the authenticated user which eliminates further prompts when the user switches applications during a particular session. However, if a particular session ends, the user will be prompted for their credentials again. AD FS will set session SSO cookies by default if users' devices are not registered. If the browser session has ended and is restarted, this session cookie is deleted and is not valid any more.

Persistent SSO cookies are written for the authenticated user which eliminates further prompts when the user switches applications for as long as the persistent SSO cookie is valid. The difference between persistent SSO and session SSO is that persistent SSO can be maintained across different sessions. AD FS will set persistent SSO cookies if the device is registered. AD FS will also set a persistent SSO cookie if a user selects the “keep me signed in” option. If the persistent SSO cookie is not valid any more, it will be rejected and deleted.

In the OAuth scenario, a refresh token is used to maintain the SSO state of the user within the scope of a particular application.