Forum Discussion
So, I looked at the article and the further PSSO definition, and I don't quite fully understand exactly how it works yet, but I am guessing that if ADFS sets a PSSO cookie and sends that claim to Azure AD, then Azure AD will be sending persistent cookies for SharePoint Online to the browser. Do you know if that is the case?
Yes, the problem is that it's from the WS-Trust format. Normally, Azure AD is consuming a SAML 1.1 payload wrapped in a WS-Trust wrapper; ultimately this is called WS-Fed. :)
So, I've tried to send similar attributes to them via SAML 2.0, and they are getting ignored and persistent SSO does not seem to happen. We need to find out from Microsoft whether they are capable of ingesting any SAML attributes when federating logon using SAML instead of WS-Fed.