Cannot use Single Sign On (SSO) when using ADFS in Federated Security
When integrating KTA with ADFS via Federated Security, it is not possible to use SSO, i.e. to log on without having to provide the username/password. The only option is to enter the ADFS username/password when logging in to KTA.
This occurs when using the SAML endpoints for ADFS. KTA sends the SAML request to ADFS using an Authentication Context class defined by OASIS for the SAML 2.0 specification.
Microsoft has their own augmented implementation of SAML 2.0 that supports Windows Integrated Authentication (WIA) being passed as an Authentication Context. This does not comply with the standard defined by OASIS.
As WIA is not defined as an Authentication Context class by OASIS, KTA does not support it. There are currently plans to have this added in a later release.
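To confirm which Authentication Context a captured request asks for, the following added example (not KTA or Microsoft code) decodes a SAMLRequest value from the HTTP-Redirect binding and classifies each requested class. Assumptions not taken from this article: the sample request and its PasswordProtectedTransport class are constructed, the function names are hypothetical, and `urn:federation:authentication:windows` is the URI AD FS documents for WIA.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
OASIS_PREFIX = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
ADFS_WIA = "urn:federation:authentication:windows"  # AD FS URI, not an OASIS class

# Constructed sample request; the class it asks for is an assumption.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" '
    'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    '<samlp:RequestedAuthnContext Comparison="exact"><saml:AuthnContextClassRef>'
    + OASIS_PREFIX + 'PasswordProtectedTransport'
    '</saml:AuthnContextClassRef></samlp:RequestedAuthnContext></samlp:AuthnRequest>'
)

def encode_redirect(xml_text):
    """Build a SAMLRequest value as the HTTP-Redirect binding does (DEFLATE, base64)."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml_text.encode()) + c.flush()).decode()

def decode_redirect(saml_request):
    """Decode an already URL-decoded SAMLRequest value into an XML element."""
    xml_bytes = zlib.decompress(base64.b64decode(saml_request), -15)  # raw DEFLATE
    if b"<!DOCTYPE" in xml_bytes:  # SAML messages never need a DTD
        raise ValueError("DTD not allowed in a SAML message")
    return ET.fromstring(xml_bytes)

def requested_contexts(authn_request):
    """Return (comparison, [class refs]); (None, []) if none was requested."""
    rac = authn_request.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None, []
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    return rac.get("Comparison", "exact"), refs  # "exact" is the SAML default

def classify(ref):
    """Label a class ref as the AD FS WIA URI, an OASIS class, or other."""
    if ref == ADFS_WIA:
        return "adfs-wia"
    return "oasis" if ref.startswith(OASIS_PREFIX) else "other"

if __name__ == "__main__":
    comparison, refs = requested_contexts(decode_redirect(encode_redirect(SAMPLE_XML)))
    for ref in refs:
        print(comparison, classify(ref), ref)
```

A request that lists only `oasis` classes matches the behaviour this article describes: WIA is not among the contexts requested.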
Article # 3046607