Ex Libris Knowledge Center

Shibboleth Silent-Login Configuration for the New UI using PDS


 

Description

The out-of-the-box PDS configuration does not allow silent login for a user who is already authenticated to the IdP.

The guide below provides an enhancement that allows single sign-on between a PDS that has been set up with a Shibboleth SP and other SAML applications.

 

Procedure

1) Find the entityID of the institution’s IDP.

grep 'SSO entityID' /etc/shibboleth/shibboleth2.xml

 

 

2) Open the relevant tab_service file:

pdsroot;cd conf_table; vim tab_service.example

 

 

3) Add the section below to the tab_service file for which silent login is being configured:

 

[LOAD_SSO]

program = shib_sso_example.pl

params = shib.conf

[END]

 

4) Copy shib_sso.pl to a new file to be customized:

pdsroot;cd service_proc; cp -p shib_sso.pl shib_sso_example.pl; vim shib_sso_example.pl

 

 

Replace row 69: $file_name_shrt = "sso";

With: $file_name_shrt = "redirect-remote-shib-sso";

 

5) Create the file redirect-remote-shib-sso with the contents below.

Replace <idp_entity_id> with the entityID of the institution’s IdP (from step 1).

 

pdsroot;cd html_form/institute-example;vim redirect-remote-shib-sso

 

<html>
<head>
<title>Redirecting</title>
<include>meta-tags
<meta http-equiv="refresh" content="0; url=&server_httpsd/shib/$0300/pds_main?func=load-login&calling_system=$0200&institute=$0300&PDS_HANDLE=$0100&url=$0400">
<script language=Javascript>
function redirect() {
  // Passive (isPassive=true) request to the Shibboleth SP login handler
  var url = "&server_httpsd/Shibboleth.sso/Login?entityID=<idp_entity_id>&isPassive=true&target=&server_httpsd/shib/$0300/pds_main?func=load-login";
  // PDS parameters appended to the target, URL-encoded
  var urlcom = "&calling_system=$0200&institute=$0300&PDS_HANDLE=$0100&url=$0410";
  top.location = url + encodeURIComponent(urlcom);
}
</script>
</head>
<body onload="javascript:redirect()">
</body>
</html>
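
An added example (not Ex Libris code): a JavaScript helper that assembles the same Shibboleth.sso/Login URL as the template in step 5 with every parameter percent-encoded, plus a check that a given URL is a passive request for the expected IdP whose target stays on the SP host. The names `spBase` and `pds`, and all sample values, are assumptions standing in for `&server_httpsd` and the `$0100` to `$0410` template fields.

```javascript
// Added example; all hosts and values used with it are constructed.
// spBase stands in for &server_httpsd (assumed scheme://host[:port], no path).
// pds.* stand in for the template fields $0100, $0200, $0300 and $0410.
function buildSilentLoginUrl(spBase, idpEntityId, pds) {
  // PDS URL the SP returns the browser to after the passive attempt.
  const target = new URL(`/shib/${encodeURIComponent(pds.institute)}/pds_main`, spBase);
  target.search = new URLSearchParams({
    func: "load-login",
    calling_system: pds.callingSystem,
    institute: pds.institute,
    PDS_HANDLE: pds.handle,
    url: pds.returnUrl,
  }).toString();

  // URLSearchParams percent-encodes each value, including the ':' and '/'
  // found in URL-style entityIDs and in the nested target URL.
  const login = new URL("/Shibboleth.sso/Login", spBase);
  login.search = new URLSearchParams({
    entityID: idpEntityId,
    isPassive: "true",
    target: target.toString(),
  }).toString();
  return login.toString();
}

// Returns a list of problems; an empty list means the URL matches step 5.
function checkSilentLoginUrl(loginUrl, spBase, idpEntityId) {
  const u = new URL(loginUrl);
  const problems = [];
  if (u.origin !== new URL(spBase).origin) problems.push("login handler is not on the SP host");
  if (u.searchParams.get("entityID") !== idpEntityId) problems.push("entityID does not match the IdP");
  if (u.searchParams.get("isPassive") !== "true") problems.push("isPassive is not true");
  let targetUrl = null;
  try {
    targetUrl = new URL(u.searchParams.get("target"));
  } catch (e) {
    problems.push("target is missing or not absolute");
  }
  if (targetUrl && targetUrl.origin !== u.origin) problems.push("target leaves the SP host");
  if (targetUrl && targetUrl.searchParams.get("func") !== "load-login") problems.push("target is not load-login");
  return problems;
}
```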
