Mapping logon to browser type rather than IP

Oct 15, 2012 at 9:52 PM
Has anyone considered whether this project would provide a good basis to a solution for SP authentication in a mixed browser environment where not every client has IE with WIA enabled? We are looking at how to improve the authentication experience for iPad users (currently a separate basic auth prompt for each sub domain/ web app). We need seamless NTLM/Kerberos authentication to work as normal for 99.9% of users, but reduce Logon fatigue for iPad users. Replacing the IP mapping with a user-agent mapping, and perhaps adding some cross sub-domain session handling would seem feasible. Session handling is of interest iso that we could prompt for FBA only once per session across all SP web apps with a common top level domain. We have home.ourdomain.com, people.ourdomain.com, communities.ourdomain.com, etc so want to avoid a basic auth or FBA for each web app. ADFS would probably do it, but seems like overkill for a few iPad users. Gary