On 2019-07-18 16:10, Peter Schober wrote:
Sorry, but no: It's simply impossible to "activate personalisation" on top of a federated login if the IDP does not already release an identifier that allows the SP to recognise a returning subject.
So either the IDP is /already/ sending a suitable identifier -- in which case the SP does not need to "activate personalisation" as all requests are traced back to an identified individual (even if that individual is not known by name from the data the IDP provided) -- or the IDP is /not/ sending such an identifier in which case you cannot add "personalisation" to that federated login.
Elsevier forces users to register with their names and email addresses (and maybe also additional data), otherwise the personalized features cannot be used, even though the IdP sends a suitable identifier. This could be regarded as activating the personalization. While asking the users for additional data in exchange for the personalized features might be okay, this of course shouldn't be the recommendation.
If the IdP doesn't send a suitable identifier, the users cannot use personalized features on the Elsevier platforms, they can't even register a personal account as with IP access. This is a problem when the IdP for whatever reason can or does not want to release a suitable identifier.
Best regards, Bernd