Viscosity actually supports a "Web CA" file, which can be optionally used to validate the SSO/SAML login webpage. There is no GUI option in the editor for this, however it can be specified using either the "web-ca" command (with a path to the Web CA file as the parameter), or inside the configuration file using OpenVPN's inline file syntax: <web-ca>PEM Data</web-ca>
I am not having any luck in getting this to work. I've tried both the web-ca command in the config file and using the inline file syntax (which appears to translate this into a web-ca command and creates a file for the CA certificate.)
I see the web-ca command in the Advanced tab, so I know it is part of the config.
However, when initiating a connection the login page comes up with NET::ERR_CERT_AUTHORITY_INVALID
I'm afraid this isn't supported on Windows yet for SSO due to a limitation in the Windows web APIs. We're hoping to see support in 1.10.2 either with a work around on our end or official support from Microsoft in the APIs, please keep an eye on the betas - https://sparklabs.com/support/kb/articl ... -versions/
In the mean time, adding the web-ca to the user/machine certificate store will prevent the invalid certificate error for SSO.