SAML federation alternative login

This topic contains 1 voice and has 0 replies.

  • Author
    Posts
  • #22508
     wshen 
    Participant

    Trying to setup an IdP with AM5 for SAML federation to a SaaS provider. One of the use case is when a user is not in the IdP, IdP will notify SP in some form that SP can show alternative login page.

    I’m thinking two options:
    1. IdP send SAML Authorization Assertion in SAML response to SP’s ACS with authorization denied, so SP can respond with a redirect to the alternative login page.
    2. During AM authentication, if user is not in IdP, redirect to SP’s alternative login page during authn process.

    Can AM support either of the above options? Are there any other approaches that worth a try?

    Thanks,
    -Wei

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

©2018 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?