Scenario: We have a web application deployed on a cloud. This application uses the SSO (Idp-initiated) set up of the client. Things are working fine. The user once log on to their corporate network, can use our application without putting in their credentials.
Understanding of SSO: SSO aims at managing the identities centrally, against each corporate application taking credential as input and authenticating the user. This results in trust as user does not enter username/password for using an application.
Note About E-Signature: This, not to be confused by Digital signature. This is very critical requirement for Pharma domain software. If a user is performing some important action e.g. approving etc, then she has to enter her credentials explicitly before that action could be carried out, even when the user is already logged in and has session. The objective of this is to prevent misuse of an open terminal.
Problem: For an application under SSO, is there any way for explicit authentication as required by E-Signature?