How to disable the question asking if the user consents to federate with service provider



When a SAML 2 environment is set up to federate between an Identity Provider (IDP) and a Service Provider (SP), the user is always prompted to consent to the federation before it proceeds. For example, if a user hits an IDP intersite transfer URL, authenticates and is redirected to the SP the user is federating with, the following message appears in the browser:

The administrator does not want the user to be prompted to federate, but no option in the Admin Console appears to change this behaviour. The administrator tried going to the 'User Interaction Settings' option under the IDP servers Liberty -> Web service consumer and disabled user interactions, but this had no effect.


Make sure that the IDP servers are on Access Manager 3.1 Support Pack 3 or greater, then set the federationConsent parameter in the IDP web.xml file to a value of true. This file is located at /var/opt/novell/tomcat5/webapps/nidp/WEB-INF/ on Linux-based IDP servers, and at C:\Program Files\Novell\Tomcat\webapps\nidp\WEB-INF\ on Windows-based IDP servers.

The default web.xml file already has the ldapLoadThreshold parameter set, so add the federationConsent parameter directly below it.



Chris Seamons
Micro Focus Community Management
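
A small helper that applies the web.xml change described above without disturbing the rest of the file, added here as an example and not part of the original article or the product. It assumes the ldapLoadThreshold entry is a `<context-param>` or `<init-param>` element whose first child is `<param-name>`; the sample file and its value of 600 are constructed.

```python
import re
import shutil
import sys

# Constructed sample; the real nidp web.xml is much longer and the value 600 is made up.
SAMPLE = """<web-app>
    <context-param>
        <param-name>ldapLoadThreshold</param-name>
        <param-value>600</param-value>
    </context-param>
</web-app>
"""

def _param_block(name):
    # Whole <context-param>/<init-param> element holding the given param-name,
    # with its leading indentation captured so the new entry can match it.
    return re.compile(
        r"([ \t]*)<(context-param|init-param)>\s*<param-name>\s*"
        + re.escape(name) + r"\s*</param-name>.*?</\2>", re.DOTALL)

def add_federation_consent(web_xml, value="true"):
    """Return web.xml text with federationConsent placed right after ldapLoadThreshold."""
    if _param_block("federationConsent").search(web_xml):
        return web_xml  # already configured: do not add a duplicate entry
    anchor = _param_block("ldapLoadThreshold").search(web_xml)
    if anchor is None:
        raise ValueError("ldapLoadThreshold entry not found; edit web.xml by hand")
    indent, tag = anchor.group(1), anchor.group(2)
    entry = (f"\n{indent}<{tag}>\n"
             f"{indent}    <param-name>federationConsent</param-name>\n"
             f"{indent}    <param-value>{value}</param-value>\n"
             f"{indent}</{tag}>")
    return web_xml[:anchor.end()] + entry + web_xml[anchor.end():]

if __name__ == "__main__":
    path = sys.argv[1]  # path to the web.xml under .../nidp/WEB-INF/
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    updated = add_federation_consent(original)
    if updated != original:
        shutil.copy2(path, path + ".bak")  # keep a rollback copy next to the file
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(updated)
    print("updated" if updated != original else "no change needed")
```

Running it a second time leaves the file unchanged, and a `.bak` copy is written only when the file is actually modified.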