...
Add the script below to a page (#THIS PAGE#) where you want to have auto-login, e.g. a portal's home page.
In
shibboleth2.xml
file:Either add
redirectErrors="#THIS PAGE#"
to the Errors element.Alternatively you can set the
ignoreNoPassive on your
AssertionConsumerService
, e.g.:
Code Block language xml <md:AssertionConsumerService Location="/SAML2/POST" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" conf:ignoreNoPassive="true" />
If you don't have an <AssertionConsumerService> but only an <SSO> element (new simplified configuration), it is enough to add a
ignoreNoPassive="true"
attribute to it.
Make sure #THIS PAGE# is protected with a lazy session (no Shibboleth session is enforced but attribute are made available to application in case a user has a session)
...