How to disable the question asking if the user consents to federate with service provider

over 10 years ago

Problem:

When a SAML 2 environment is set up to federate between an Identity Provider (IDP) and a Service Provider (SP), the user is always prompted to consent to the federation before it proceeds. For example, if a user hits an IDP intersite transfer URL, authenticates, and is redirected to the SP the user is federating with, the following message appears in the browser:

The administrator does not want the user to be prompted to federate, but no option in the Admin Console appears to change this behaviour. The administrator tried the 'User Interaction Settings' option under the IDP server's Liberty -> Web Service Consumer and disabled user interactions, but this had no effect.

Solution:

First make sure that the IDP servers are on Access Manager 3.1 Support Pack 3 or later, then set the federationConsent parameter in the IDP web.xml file to a value of true. This file is located at /var/opt/novell/tomcat5/webapps/nidp/WEB-INF/ on Linux-based IDP servers and at C:\Program Files\Novell\Tomcat\webapps\nidp\WEB-INF\ on Windows-based IDP servers. Make the change on every IDP server in the cluster and restart Tomcat on each one, since web.xml is only read when the nidp application is deployed. Note that with the prompt disabled the user is no longer told that the IDP is releasing their identity to the SP, so confirm that this is acceptable for the SPs in question.

The default web.xml file already has the ldapLoadThreshold parameter set, so add the federationConsent parameter directly below it, as shown below.

    <context-param>
        <param-name>ldapLoadThreshold</param-name>
        <param-value>10</param-value>
    </context-param>
    <context-param>
        <param-name>federationConsent</param-name>
        <param-value>true</param-value>
    </context-param>
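As an added example (not from the original article and not NetIQ/Novell tooling), the following Python helper makes this web.xml edit idempotent and verifiable, so it can be run on every IDP node and re-run after an upgrade without creating duplicate context-param entries. The sample web.xml, the function names and the file handling are assumptions constructed for the example; the only thing it relies on is that web.xml is ordinary XML with an optional default namespace, as the IDP descriptor is.

```python
"""Idempotently add or update a <context-param> in a Tomcat web.xml.

Added example for this article; it is not NetIQ/Novell code. It assumes only that
web.xml is ordinary XML with an optional default namespace, as the IDP descriptor is.
"""
import shutil
import xml.etree.ElementTree as ET

# Constructed stand-in for the IDP web.xml (namespace and ldapLoadThreshold entry
# as in the real file, everything else invented so the example runs offline).
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <display-name>nidp</display-name>
  <context-param>
    <param-name>ldapLoadThreshold</param-name>
    <param-value>10</param-value>
  </context-param>
  <servlet>
    <servlet-name>example</servlet-name>
    <servlet-class>com.example.Placeholder</servlet-class>
  </servlet>
</web-app>
"""


def _qualifier(root):
    """Return (namespace, q) where q() qualifies a local tag with root's default namespace."""
    tag = root.tag
    ns = tag[1:tag.index("}")] if tag.startswith("{") else ""
    q = (lambda local: "{%s}%s" % (ns, local)) if ns else (lambda local: local)
    return ns, q


def get_context_param(xml_text, name):
    """Return the value of <context-param> `name`, or None if it is not present."""
    root = ET.fromstring(xml_text)
    _, q = _qualifier(root)
    for cp in root.findall(q("context-param")):
        pn = cp.find(q("param-name"))
        if pn is not None and (pn.text or "").strip() == name:
            pv = cp.find(q("param-value"))
            return (pv.text or "").strip() if pv is not None else None
    return None


def set_context_param(xml_text, name, value):
    """Return xml_text with exactly one <context-param> `name` set to `value`.

    An existing entry is updated in place; otherwise a new one is inserted right
    after the last existing <context-param> (after ldapLoadThreshold in the IDP file).
    """
    root = ET.fromstring(xml_text)
    ns, q = _qualifier(root)
    if ns:
        ET.register_namespace("", ns)  # serialise the default namespace unprefixed
    last_cp = -1
    for idx, child in enumerate(list(root)):
        if child.tag != q("context-param"):
            continue
        last_cp = idx
        pn = child.find(q("param-name"))
        if pn is not None and (pn.text or "").strip() == name:
            pv = child.find(q("param-value"))
            if pv is None:
                pv = ET.SubElement(child, q("param-value"))
            pv.text = value
            break
    else:  # loop finished without finding the parameter: create it
        cp = ET.Element(q("context-param"))
        ET.SubElement(cp, q("param-name")).text = name
        ET.SubElement(cp, q("param-value")).text = value
        root.insert(last_cp + 1, cp)  # index 0 if the file had no context-param at all
    if hasattr(ET, "indent"):  # Python 3.9+: re-indent so the new element is readable
        ET.indent(root, space="  ")
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="unicode") + "\n"


def apply_to_file(path, name, value):
    """Rewrite the web.xml at `path` in place after saving a .bak copy.

    Returns True if the file was changed, False if the parameter was already set.
    """
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    if get_context_param(original, name) == value:
        return False
    shutil.copyfile(path, path + ".bak")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(set_context_param(original, name, value))
    return True


if __name__ == "__main__":
    # Dry run on the constructed sample. On a real IDP node you would instead call
    # apply_to_file("/var/opt/novell/tomcat5/webapps/nidp/WEB-INF/web.xml",
    #               "federationConsent", "true") on every node and then restart Tomcat.
    print(set_context_param(SAMPLE_WEB_XML, "federationConsent", "true"))
```

Run get_context_param() against each node's web.xml to confirm the cluster is consistent before restarting Tomcat. ElementTree drops XML comments when it re-serialises, so diff the rewritten file against the .bak copy before relying on it.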

Labels:

How To-Best Practice