Shibboleth Silent-Login Configuration for the New UI using PDS
Description
The out-of-the-box PDS configuration does not allow silent-login for a user who is already authenticated to the IdP.
The guide below provides an enhancement that allows single sign-on between a PDS that has been set up with a Shibboleth SP and other SAML applications.
Procedure
1) Find the entityID of the institution's IdP.
grep 'SSO entityID' /etc/shibboleth/shibboleth2.xml
2) Open the relevant tab service file
pdsroot;cd conf_table; vim tab_service.example
3) Add the section below to the tab service for which silent-login is being configured:
[LOAD_SSO]
program = shib_sso_example.pl
params = shib.conf
[END]
4) Copy shib_sso.pl to a new file and customize the copy
pdsroot;cd service_proc; cp -p shib_sso.pl shib_sso_example.pl; vim shib_sso_example.pl
Replace row 69: $file_name_shrt = "sso";
With: $file_name_shrt="redirect-remote-shib-sso";
5) Create the file redirect-remote-shib-sso with the contents below
Replace idp_entity_id with the entityID of the institution's IdP (step 1)
pdsroot;cd html_form/institute-example;vim redirect-remote-shib-sso
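Steps 1 and 5 can be done in one pass. The script below is an added example, not part of PDS or Shibboleth: it reads the single `<SSO entityID="...">` value from shibboleth2.xml and substitutes it verbatim for idp_entity_id, escaping the characters that sed would otherwise interpret. The function names and the one-line template are assumptions; the real contents of redirect-remote-shib-sso are not reproduced here.

```shell
#!/bin/sh
# Added example: read the IdP entityID from shibboleth2.xml (step 1) and put it
# in place of the idp_entity_id placeholder (step 5).

# Print the entityID of the <SSO> element. Fails unless exactly one is found,
# so a commented-out or second <SSO> element gets reviewed by hand.
get_idp_entity_id() {
    ids=$(tr '\n' ' ' < "$1" | grep -o '<SSO[^>]*>' |
        sed -n 's/.*[[:space:]]entityID="\([^"]*\)".*/\1/p')
    [ -n "$ids" ] || { echo "no SSO entityID in $1" >&2; return 1; }
    [ "$(printf '%s\n' "$ids" | wc -l)" -eq 1 ] ||
        { echo "more than one SSO entityID in $1" >&2; return 1; }
    printf '%s\n' "$ids"
}

# Escape \, & and the | delimiter so the value is literal in a sed replacement.
sed_escape() { printf '%s' "$1" | sed 's/[\\&|]/\\&/g'; }

# Write the template ($2) to stdout with every idp_entity_id replaced by the
# entityID found in the Shibboleth configuration ($1).
fill_template() {
    id=$(get_idp_entity_id "$1") || return 1
    sed "s|idp_entity_id|$(sed_escape "$id")|g" "$2"
}

# Run the two functions on constructed inputs in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed inputs: neither is the real Shibboleth or PDS file content.
    printf '%s\n' '<Sessions>' '  <SSO discoveryProtocol="SAMLDS"' \
        '       entityID="https://idp.example.edu/idp/shibboleth">SAML2</SSO>' \
        '</Sessions>' > "$dir/shibboleth2.xml"
    printf '%s\n' 'entityID=idp_entity_id' > "$dir/redirect-remote-shib-sso"
    fill_template "$dir/shibboleth2.xml" "$dir/redirect-remote-shib-sso"
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo
```

Against the real files, redirect the output of fill_template to a new file and review it before moving it into html_form.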