From: Krzysztof B. <kb...@un...> - 2018-02-26 22:31:13
Hi Doris,

On 22.02.2018 at 17:44, Doris Baum wrote:
> Hi,
>
> finally got around to playing with the new uy_auto_login=true feature.
> Could you go into more detail where this needs to be put?
>
> I tried the <urn:SingleSignOnService ...> tag in the unity idp metadata
> xmlfile of my SP but when I do this unity complains:
> eu.unicore.samly2.exceptions.SAMLRequesterException: Destination value
> https://unity:2443/saml-idp/saml2idp-web?uy_auto_login=true is not
> matching the responder's URI: https://unity:2443/saml-idp/saml2idp-web

It may be difficult to trigger this functionality from an arbitrary SP - it depends on what its implementation allows for. If the SP is fully driven by SAML metadata, and you cannot force it to add an additional query parameter, then I'd suggest not using the client-driven variant of this feature. As a rule of thumb it will typically be a problem when using a SAML SP, and more likely possible when using OAuth clients.

Anyway, instead you can try the automatic (server-driven) activation of the auto login. Ensure you have a single remote authN option enabled on your SAML IdP endpoint and add this to its config:

unity.endpoint.web.autoLogin=true

> Also, I gather that step 2 from my original question can now be done
> with unity.saml.skipConsent - thanks for adding this! :-)

No problem :-)

Best,
Krzysztof
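
Added example, not part of the original message and not Unity's or samly2's code: a sketch of a strict Destination check of the kind the quoted exception describes, showing why a query parameter appended to the SingleSignOnService Location in metadata gets the request rejected. The function names and the exact-string comparison are assumptions; the URIs are the ones from the thread.

```python
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Endpoint URI taken from the exception message quoted in the thread.
RESPONDER_URI = "https://unity:2443/saml-idp/saml2idp-web"


class DestinationMismatch(Exception):
    pass


def build_authn_request(destination):
    """Constructed minimal AuthnRequest, as an SP would build it from metadata."""
    req = ET.Element(f"{{{SAMLP_NS}}}AuthnRequest", {
        "ID": "_constructed-example-id",
        "Version": "2.0",
        "IssueInstant": "2018-02-22T17:44:00Z",
        "Destination": destination,  # SPs copy the metadata Location here
    })
    return ET.tostring(req)


def check_destination(request_xml, responder_uri):
    """Reject the request unless Destination equals the responder URI exactly.

    Assumption: plain string equality, consistent with the quoted error,
    where the query string alone caused the mismatch.
    """
    root = ET.fromstring(request_xml)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    destination = root.get("Destination")
    # Destination is optional in SAML core; when present it must match.
    if destination is not None and destination != responder_uri:
        raise DestinationMismatch(
            f"Destination value {destination} is not matching "
            f"the responder's URI: {responder_uri}")
    return True


def is_accepted(location):
    """location: the SingleSignOnService Location the SP read from metadata."""
    try:
        return check_destination(build_authn_request(location), RESPONDER_URI)
    except DestinationMismatch:
        return False
```

The check is what stops a request built for one endpoint from being accepted at another, so the server-driven autoLogin setting is the route that leaves the Destination value untouched.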