it would be a larger security issue if they didn’t redirect to the SSO provider and instead threw up a page asking for a password.
In many cases SSO means once you’re logged in then you don’t enter a password again for the session anyway- that only works with a redirect.
and your login might not even be a password anyway, or require more information than just a password (like MFA)- our solution for example takes into consideration what you’re logging in to, what device you have and where you are to determine the secrecy level of the thing you’re authenticating into.
In many cases SSO means once you’re logged in then you don’t enter a password again for the session anyway- that only works with a redirect.
and your login might not even be a password anyway, or require more information than just a password (like MFA)- our solution for example takes into consideration what you’re logging in to, what device you have and where you are to determine the secrecy level of the thing you’re authenticating into.
Can’t do that without control.