We use ADFS 2.0 to access ServiceProvider sites. If I go to the ServiceProviderSite#1(SPI), it will redirect me to ADFS and I authenticate and then get connected into that site. That works fine and I thought the token that was issued, was always embedded into the cookie for that specific website. However, I do notice that if I go to a different ServiceProvider site I go right through, without any authentication. It knows I have already authenticated to ServiceProviderSite#1. My guess is that it picked up on the token that was issued to me for ServiceProviderSite#1. Does anyone know how that works?
Thanks,
Dan
Dan Heim