Single Sign-On ADFS 2.0

[JonNutt]

Thanks Trevor,

That's answered a question I was mulling over whilst doing this task.

Jon.

[Everton1878]

It would be useful to have the option to bypass SSO for users not on our domain or for users who aren't connected to our domain

We have overseas users that aren't always connected to the domain and then there are home workers

They can access if they connect to our Citrix environment otherwise they would need to use a VPN from a domain connected machine

If they can't access the Citrix environment and aren't on a machine connected to the domain then they will have to call our helpdesk

[JonNutt]

Just an update on this, after making the ADFS go live, I noticed when I used (in error) my old saved favourite for accessing live.hornbill.com using the password page continues to ask for the Hornbill password instead of my new favourite to https://live.hornbill.com/<instancename>

My saved link (with anything traceable removed highlighted in red):

https://live.hornbill.com/<instancename>/lib/saml/auth/simplesaml/module.php/core/loginuserpass.php?AuthState=<Unique_ID>%3Ahttps%3A%2F%2Flive.hornbill.com%2F<instancename>%2Flib%2Fsaml%2Fauth%2Fsimplesaml%2Fmodule.php%2Fcore%2Fas_login.php%3FAuthId%3DESP%26ReturnTo%3Dhttps%3A%2F%2Flive.hornbill.com%2F<instancename>

In my testing this is user specific (I can't recycle this for other users as it contains an unique ID) and can only be setup whilst SSO is off to actually get the login page up.

It's very much a fudge exploiting what I perceive to be an undocumented feature but this may work for you.

Jon.