SSO with SAML2.0
For SP initiated SAML[pega being the SP] request when user is authenticated by IDP after getting id/pwd from user through browser ,it sends back SAML assertion token which will come to SP via browser and then user is able to login to the application. Now is this token stored in the browser as cookie so that authentication screen is bypassed for already authenticated users when next time the application is accessed by the same user?
Please clarify.
Pegasystems Inc.
IN
@DUTTAR01 As per my knowledge.... Pega Will be having a AAT cookie (this will be used in the browser) which will be set for each user session, and this will be active for a stipulated time. and if the same user login within that time and if the session is active till that....the user will be logged in without the Authentication challenge screen
Cognizant Technology Solutions
IN
@Manojkumar_ J -thank you for your reply ,but per the link given below, for constellation app when one select Support React-based UI, Pega Platform generates a new cookie, Pega-AAT, to speed up stateless REST calls.
Do u think same is used for SAML?
https://docs-previous.pega.com/security/87/cookie-usage-pega-software?
Regards
Rajarshi
Pegasystems Inc.
IN
@DUTTAR01 Pega AAT cookie is a generic one, it is not only limited to constellation-based applications. Whenever it comes to Authentication of the user based on the session (SSO) in that case AAT cookies will come in to play And also, please note it is not only the AAT cookies involved there are also some other parameters which makes it work seamlessly. Thank you !