I'm looking to replace our current SSO system based on openID 1, with an authentication and authorization solution that is more suiting modern needs.
One of the things i would like to avoid is having the end user redirected to the identity provider for various flows, such as login, reset password, etc.
Is there a secure solution that doesn't rely on redirects between the relying parties and the identity provider?
Thanks
No, the point of federated web single signon is that you relay control of user authentication to a trusted 3rd-party, so by design you cannot do login and password resets from the Relying Party without redirecting to the Identity Provider. Any implementation that allows that would defeat the primary purpose of federated Web SSO that the RP should not know/need/manage the users credentials.