I have a single-page application (SPA) (app1) that uses MSAL and OpenID Connect to authenticate users against my Azure B2C instance. Once authenticated into app1, I would like to enable the user to access an external SAML application (app2) without having to re-enter their credentials. To achieve this, I registered a SAML application in my Azure B2C instance, so that my Azure B2C now acts as an identity provider for app2.
Currently, the user authenticates into app1 with no issue. However, when clicking the button to navigate to app2 (initiating the SAML flow), my user is prompted to provide their credentials again.
My question: Is there any way to prevent an interactive login with SAML if the user has already authenticated with OpenID Connect? My research has suggested some type of cookie sharing implementation, or possibly updating the custom policy that facilitates the SAML flow to be aware of the already authenticated user.
Any guidance would be much appreciated.
The usual way to do this is to modify the SSO session providers so that they include all the claims you want to be persistent.
However, the SAML provider is not editable.
The other thing you can try is to make the SSO configuration = "Tenant".
I've found it helps to make it explicit even though the documentation states it's the default.
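Two custom-policy fragments added here to illustrate the answer above (example configuration, not the answerer's or Microsoft's files): the `SM-AAD` session-management technical profile in the extensions file with an extra persisted claim, and the SAML relying-party file with `SingleSignOn Scope="Tenant"` made explicit. Tenant name, policy name and the `displayName` claim are placeholders assumed for the example.

```xml
<!-- TrustFrameworkExtensions.xml: session provider used by the OIDC sign-in
     journey (app1). Claims listed as PersistedClaim are written to the
     Tenant-scoped SSO session and can be read by the later SAML journey
     without prompting. "displayName" is an assumed placeholder claim. -->
<ClaimsProvider>
  <DisplayName>Session Management</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="SM-AAD">
      <DisplayName>Session Management Provider</DisplayName>
      <Protocol Name="Proprietary"
        Handler="Web.TPEngine.SSO.DefaultSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <PersistedClaims>
        <PersistedClaim ClaimTypeReferenceId="objectId" />
        <PersistedClaim ClaimTypeReferenceId="signInName" />
        <PersistedClaim ClaimTypeReferenceId="authenticationSource" />
        <PersistedClaim ClaimTypeReferenceId="identityProvider" />
        <!-- added so the SAML journey can emit it from the session -->
        <PersistedClaim ClaimTypeReferenceId="displayName" />
      </PersistedClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="objectIdFromSession" DefaultValue="true" />
      </OutputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<!-- SignUpOrSignIn_SAML.xml: relying-party file for app2. Scope="Tenant"
     lets this policy reuse the session the OIDC policy created; the
     narrower Scope="Policy" would force a fresh login for app2. -->
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <UserJourneyBehaviors>
    <SingleSignOn Scope="Tenant" KeepAliveInDays="30" />
  </UserJourneyBehaviors>
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="SAML2" />
    <Metadata>
      <!-- placeholder tenant and policy names -->
      <Item Key="IssuerUri">https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1A_signup_signin_saml</Item>
    </Metadata>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="objectId" />
      <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="objectId" ExcludeAsClaim="true" />
  </TechnicalProfile>
</RelyingParty>
```

Both the OIDC and the SAML relying-party policies must inherit from the same extensions file so they share this session provider, and the session cookie is only visible when both run on the same b2clogin.com (or custom) domain.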