tichung wrote:

>
> The SSO is for the company internal use. They don't want to spend
> extra cost for the certificate.
> Of course I can export IDP trust root certificate to ask then to
> import to the browser, but they think it will bother the user.


By the looks of it its one of the limitations when using the single
server appliance. I don't think there's a way to change this without
severely hacking it which will void the support on it. My suggestion
would if you want the flexibility to deploy a separate AMC and IDP and
a 'MAG'.

--
Cheers,
Edward