Re: [Unity-idm-discuss] Unity as SAML proxy - login without user interaction

[Doris B. <ba...@aw...>]

Hi,

finally got around to playing with the new uy_auto_login=true feature.
Could you go into more detail where this needs to be put?

I tried the <urn:SingleSignOnService ...> tag in the unity ipd metadata
xmlfile of my SP but when I do this unity complains:
eu.unicore.samly2.exceptions.SAMLRequesterException: Destination value
https://unity:2443/saml-idp/saml2idp-web?uy_auto_login=true is not
matching the responder's URI: https://unity:2443/saml-idp/saml2idp-web

Also, I gather that step 2 from my original question can now be done
with unity.saml.skipConsent - thanks for adding this! :-)

Best,
D.

On 22/12/17 14:44, Krzysztof Benedyczak wrote:
> Hi,
> 
> W dniu 22.12.2017 o 13:48, D Baum pisze:
>> Hi!
>>
>> I've set up Unity as a SAML "proxy" (which acts as a SAML IDP towards my
>> applications but authenticates users with a SAML endpoint at an external
>> IDP) and that's working fine.
>>
>> However, when users click "login" in my application, they are first
>> taken to a unity page (https://unity/saml-idp/saml2idp-web-entry) where
>> they have to click the "Authenticate" button to be forwarded to the
>> external IDP (step 1).
>>
>> After they log in, they get redirected back to unity where they can
>> select which information to share with the application and they have to
>> click a button again (step 2).
>>
>> Is possible to configure unity so that it _doesn't_ display those two
>> confirmation pages? So that the user doesn't have to click two buttons
>> during the login process? Ideally, for this usage scenario unity would
>> be "invisible" to the user.
>>
> 
> This feature will be available in the next release. If you want to play
> with this already, there is a pre-release in unofficial folder on SF
> (just use the latest distro from this folder). Adding uy_auto_login=true
> query parameter to the Unity redirect URL will trigger this functionality.
> 
> Best
> Krzysztof