Reputation: 5225
Need help with identifying on the SP side if a user has authenticated on the IdP. Infrastructure:
login.domain.com (IdP)
www.domain.com (SP)
www.domain2.com (SP)
From domain.com I'm redirected to login.domain.com (IdP), where I successfully log in and am redirected to domain.com. I open site domain2.com (SP) and want to be authenticated without the need to click on login and be redirected to the IdP and back (without typing username, pass).
Is HTTP-Artifact the solution, or some kind of SOAP solution? I tried with cURL and then read that it can't be done with cURL.
Is there a solution to get the auth session from the IdP, something like when I log in to Gmail and then click on YouTube I'm already logged in without clicking on log in?
UPDATE: If somebody has the same issue I started a Google Group discussion at https://groups.google.com/d/topic/simplesamlphp/r5EdD_udn88/discussion
Upvotes: 3
Views: 2631
Reputation: 919
I have the same issue but with J2EE applications. In the end, what I have done is protect only the login URL. When an authenticated user clicks on it, she/he will be redirected to the IdP, the IdP will check that the user has a valid session, and it will redirect the user to the initial page. See Move from in-house SSO solution, cookies based, to SAML2/WS-Federation
Another trick could be to request the protected resource from the browser through JavaScript. Depending on the response of the IdP, you could know whether the user has a valid session or not. See Invoke SAML IdP from Javascript.
Hope it helps,
Luis
Upvotes: 3
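The redirect-and-check flow described in the answer above can be made silent with the SAML 2.0 `IsPassive="true"` request attribute, which the posts do not mention. The following is an added example, not code from either poster or from simpleSAMLphp. The function names are hypothetical and the sample response is constructed.

```python
import base64, datetime, uuid, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"

def passive_authn_url(idp_sso_url, sp_entity_id, acs_url, relay_state):
    """HTTP-Redirect URL for an AuthnRequest the IdP must answer without UI."""
    now = datetime.datetime.now(datetime.timezone.utc)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,      # store it to match InResponseTo later
        "Version": "2.0",
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,
        "IsPassive": "true",               # IdP must not prompt the user
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    # Redirect binding: raw DEFLATE (no zlib header), then base64, then URL-encode.
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = deflater.compress(ET.tostring(req)) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(raw).decode(),
                       "RelayState": relay_state})
    return f"{idp_sso_url}?{query}"

def decode_redirect_request(url):
    """Inverse of the encoding above; returns the AuthnRequest element."""
    b64 = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    return ET.fromstring(zlib.decompress(base64.b64decode(b64), -15))

def classify_response(saml_response_b64):
    """Coarse routing on the status codes of a POSTed SAMLResponse.
    'success' only means "hand it to the SAML library": signature, audience,
    InResponseTo and validity window must be verified before any login.
    Use a hardened XML parser for untrusted input in production."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    codes = [c.get("Value") for c in root.iter(f"{{{SAMLP}}}StatusCode")]
    if codes and codes[0] == STATUS + "Success":
        return "success"
    if STATUS + "NoPassive" in codes:
        return "no-session"                # no IdP session: keep the user anonymous
    return "error"

# Constructed sample: the reply an IdP sends when it cannot authenticate passively.
SAMPLE_NO_PASSIVE = base64.b64encode((
    f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0">'
    f'<samlp:Status><samlp:StatusCode Value="{STATUS}Responder">'
    f'<samlp:StatusCode Value="{STATUS}NoPassive"/></samlp:StatusCode>'
    f'</samlp:Status></samlp:Response>').encode()).decode()
```

On a `no-session` result the SP should remember that it already tried (for example in its own session) so that it does not redirect the browser to the IdP again on every page view.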