Shibboleth Silent-Login Configuration for the New UI using PDS

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Description

The out of the box PDS configurations do not allow silent-login for a user already authenticated to the IDP.

The below guide provides an enhancement that allows Single Sign On between a PDS that has been set up with a Shibboleth SP and other SAML applications.

Procedure

1) Find the entityID of the institution’s IDP.

grep 'SSO entityID' /etc/shibboleth/shibboleth2.xml

2) open the relevant tab service

pdsroot;cd conf_table; vim tab_service.example

3) Add the below section to the tab service that we are configuring silent-login for:

[LOAD_SSO]

program = shib_sso_example.pl

params = shib.conf

[END]

4) Copy shib_sso.pl to be customized

pdsroot;cd service_proc; cp –p shib_sso.pl shib_sso_example.pl; vim shib_sso_example.pl

Replace row 69 : $file_name_shrt = "sso";

With: $file_name_shrt="redirect-remote-shib-sso";

5) Create the file redirect-remote-shib-sso with the below contents

Replace idp_entity_id with the entity of the institution’s idp (step 1)

pdsroot;cd html_form/institute-example;vim redirect-remote-shib-sso

<html> <head> <title>Redirecting</title> <include>meta-tags <meta http-equiv="refresh" content="0; url=&server_httpsd/shib/$0300/pds_main?func=load-login&calling_system=$0200&institute=$0300&PDS_HANDLE=$0100&url=$0400">

</head>

Article last edited: DD-Mmm-YYYY