0
votes

We are using WSO2IS 5.3.0, which is configured to authenticate some users (in specific tenants) via federated SAML authentication.

I am wondering if that process can also create a local SAML SSO session (so when /samlsso is called for local authentication, the user is not presented with the basic auth login page). Is this possible?

EDIT: it seems like I can accomplish this if the commonAuthCookie was set during the federated authentication. Is this doable?


1 Answer

1
votes

This is the current behavior as well. When you federate an authentication request, WSO2 creates a local session for the authenticated user upon a successful SAML response from the federated Identity Provider, so that the next time the same browser comes to the WSO2 Identity Server, we will authenticate it using the local session without federating. As you already figured out, this is done using the commonAuthCookie.

Further, it doesn't matter if your secondary request is SAML or OIDC, WSO2 will manage the SSO flow despite the protocol.