Cloud has different handling for links, and we need to make sure the SAML module transparently follows through links with the user authentication process.
- If the user is logged in, the user can follow a link through the SAML IdP directly to the document referenced by the link without having to log in again.
- If the user is not logged in, the user will be taken to the generic Cloud Login Page where they can enter their email address. Upon seeing that the user belongs to a SAML protected network, the user should be prompted to use the link to the IdP for login.
- Manual test cases for this behavior should be filed in TestRail so they can be reproduced.
- Automated testing is not part of this effort; it will be managed by the test automation team based on the TestRail story.
- This implementation means that users will be required to know their username for my.alfresco.com (their work email address).
- Acceptable alternative approaches:
  - Ask the users for their organization rather than their username/email, then expose the correct login method.
  - Show login areas for email/password and "login with my organization" on the same page.
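
The link-following flow in the first two bullets, sketched as an added example (not Alfresco or SAML module code). The network table, function names and paths are hypothetical. It assumes the link target is carried to the IdP and back as the SAML RelayState, and that only relative same-site paths are accepted as a post-login destination.

```python
from urllib.parse import urlsplit

# Constructed sample data: email domain -> IdP login URL for SAML-enabled networks.
SAML_NETWORKS = {"example.com": "https://idp.example.com/sso"}


def safe_target(link, default="/"):
    """Return link only if it is a relative path on this site, else default."""
    if not link or not link.startswith("/") or link.startswith("//") or "\\" in link:
        return default
    parts = urlsplit(link)
    if parts.scheme or parts.netloc:
        return default
    return link


def next_step(link, session_user=None, email=None):
    """Decide what the user sees after following a document link."""
    target = safe_target(link)
    if session_user:
        # Already logged in: go straight to the document, no second login.
        return {"action": "open_document", "target": target}
    if email is None:
        # Not logged in: generic login page, remembering where the user was going.
        return {"action": "show_login_page", "target": target}
    domain = email.rpartition("@")[2].lower()
    idp = SAML_NETWORKS.get(domain)
    if idp:
        # SAML network: prompt with the IdP link; the target travels as RelayState.
        # Assumption: the password box stays, since SAML login is not mandatory.
        return {"action": "offer_idp_link", "idp": idp,
                "relay_state": target, "password_box": True}
    return {"action": "password_login", "target": target}
```

Rejecting absolute, scheme-relative and backslash targets keeps the post-login redirect on the Cloud site, so a crafted link cannot turn the login round trip into a redirect to another host.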
Q. Is SAML login currently mandatory when it is enabled for a tenant? (Should the link to the IdP replace the password box, or be next to it?)
A. The SAML login is not currently mandatory, but that doesn't mean that the user knows their Alfresco credentials if they usually log in with an IdP.
Q. How should the implementation be divided between the Cloud code base and the SAML AMPs?