I have a site where I want to only use active directory for the front end. For the backend, I want to continue to use the default provider. I went through the process of setting up active directory STS and it works. If I leave the federation URL pointed to localhost, you do get the SF login box where you select Default or LDAP. However, I would like it to log you in automatically if you visit a front-end page that requires a specific LDAP group.
Is this possible? The main reason is that many of my active directory users will be backend users but only use it rarely. They will visit the website every day and if they are automatically logged in, we will quickly exceed the 5 concurrent user login limit even though they aren't using the backend tools. My plan would be is they would have a different login for the backend.