kjhurni;262050 Wrote:
> Not really. In an IDP-initiated (that's the 2nd sentence there), you
> can still run into the issue, even if you have configured things
> properly on *your* end, if you have no control over the external
> third-party IDP.
> For example, if the IDP has a "login" page of say:
> https://blah.com
> and you click on it and login, how on earth is it going to know
> (regardless of how you configured things) that you want to go to any of
> the 300+ SP's it's tied to?
> Only if you craft the URL specifically to get it to work, so that the
> user is not going to:
> https://blah.com
> But rather some big hairy URL like:
> http://tinyurl.com/plbudto.........
> And of course, invariably (regardless of SP or IDP-initiated) the user
> bookmarks the "login page" which typically has unique session stuff in
> the URL.

True, bookmarking of the login page is an issue.

kjhurni;262050 Wrote:
> Although looks like NAM 4.2 may have some nice goodies for more easier
> button clicking.

Still doesn't stop users from bookmarking the login page in federated
logins (even if NAM is used as an IDP) from what i know.


edmaa's Profile: https://forums.netiq.com/member.php?userid=1118
View this thread: https://forums.netiq.com/showthread.php?t=54550