...
- Add the script below to a page (#THIS PAGE#) where you want to have auto-login, e.g. a portal's home page.
- In your Service Provider 2.x shibboleth2.xml file, add redirectErrors="#THIS PAGE#" to the Errors element.
As of SP 2.2 you can set the
ignoreNoPassive on your AssertionConsumerService, e.g.:
Code Block language html/xml <md:AssertionConsumerService Location="/SAML2/POST" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" conf:ignoreNoPassive="true" />
- If you don't have an <AssertionConsumerService> but only an <SSO> element (new simplified configuration), it is enough to add a conf:ignoreNoPassive="true" attribute to it.
- Make sure #THIS PAGE# is protected with a lazy session (no Shibboleth session is enforced but attribute are made available to application in case a user has a session)
...