sso | DB Client library

I'm trying to choose the appropriate authentication flow for my application. I have a portal that users create accounts/login to. When they login for the first time, I want to present them with a "Terms & Conditions" form that requires a valid signature. I want to save the signed form in our database (and link to it from our Admin panel).

I don't necessarily want users to have to create a DocuSign account to sign with. In this previous question: Embedded signers from my application shouldn’t need to login @larry-k says:

If your application makes users (who will become signers) login to the app, that is a form of authentication. You can also turn on authentication options from DocuSign. Eg include KBA (Knowledge Based Authentication) in the signing request.

Here he alludes to making my App Users into Signers, but I'm not sure how this works. I don't want to use Knowledge Based Authentication, I'm more envisioning a SSO process to create a DocuSign User based on the App User information of the user logging in.

The same article suggests PowerForm as a possible solution. What happens after the user signs the form? How can I obtain the signed copies? I gather you cannot mix/match PowerForms with API integrations? I don't want to have to require an admin to login to DocuSign to collect signed forms.

https://github.com/OfficeDev/msteams-tabs-sso-sample-nodejs

I'm trying to change the final request of this sample to access the SharePoint REST API I've added delegate permission in AzureAD and added the scope "https://microsoft.sharepoint-df.com/AllSites.FullControl" to the token request, but still getting 401

Actually, we use Google IdP as a SSO / SAML authentication type for our application. We have configured it to connect our users to our application and it works fine. But recently, we have also wanted to ask a reauthentication to our users for different actions that could happen during the application lifecycle.

In deeper details, when we send a SAML request to the Google Idp, we add the attribute ForceAuthn="true" in the node "AuthnRequest" and we also add a AuthnContextClassRef to ask explicitly that we want a reauthentication by credentials.

When we send this SAML request to the Google IdP, the problem is that the IdP server doesn't ask credentials to the end user and redirect directly to the application with a successful response.

Is that normal ? Does the Google IdP support the attribute ForceAuthn="true" ? I didn't find any documentation on this topic.

Here is an example of the SAML request that has been sent to the IdP:

I'm validating AAD-SSO for TestWebApp(ASP.NET MVC) ITfoxtec / ITfoxtec.Identity.Saml2.
I confirmed login -> AAD sign-in -> Redirect to app but app still remains not logging-in.
I assigned "https://localhost:***/Metadata" as Redirect Uri.
I checked the other settings from another post. However that means the app only makes a xml file.

Tell the procedure if there's anyone who succeeded logging-in on app?
Or do I have to build new logic?
e.g. of logic) receive session from AAD and

I wanted to allow users to be able to log in with both username and email. I've seen similar questions, but I don't think it works well with my case and now I'm still confused as to how to make this works. I'm using passport js for the middleware, node js for backend.

Here's my passport middleware config which handles login by email:

I would like to set up my Service Provider (SP) for SP-initiated SSO.

When the user successfully logs in, I'm expecting the IdP to POST a SAML Assertion to my SP (is this called endpoint on my SP called an Assertion Consumer Service?).

What should I expect to happen when my SP and IdP are configured correctly but the user fails to authenticate – either with their primary credentials or MFA? Will the IdP POST a failure message to my SP?

If so, what is the conventional terminology for this payload? Is it still called a SAML Assertion but containing some kind of failure syntax differences or is it a totally different type of SAML payload, called something else? Do both success and failure payloads get sent to the same SP endpoint?

Thank you!

I am part of an organization that uses SSO in Github. I don't have problem to access the repository through the web, it redirects me to SSO login and that's all.

The problem started when I logged-in first to my personal repository on GitHub through Git-Bash, I did some changes and then I wanted to do changes in a repository from my organization. When I run the below command, it wrote me that I need to re-authorize the OAuth Application, but I don't understand how:

i'm using spring security with keycloak and if i do a request on a specific endpoint with an invalid token, it looks like the token validation is done 2 times, i've also tried to implement my own authentication provider which uses the logic of the keycloak authentication provider and overrided the BearerTokenRequestAuthenticator which does the token validation but it still does the same thing..i'm not sure if maybe the problem comes from some sort of bean definitions Here are same logs where you can see that the string "Verifying access_token" appears 2 times.

For my Django application, I am trying to enable SSO using Djangosaml2 and following are the versions I am using

djangosaml2==1.2.0

pysaml2==7.0.0

djangorestframework==3.12.2

Django==3.1.7

python==3.8

My saml2_settings is as follows