I am setting up a PoC for work and I have SimpleSAMLphp as the SP for WSO2 IS. I have configured the single SP and multiple IdPs (FB, Google), and it works well when clicking the Auth test with SimpleSAMLphp and loading up the WSO2 page that contains the login options - perfect. But what I want to be able to do is set up a SimpleSAMLphp AuthSource that goes directly past this choosing page and right into Facebook auth, for example.

Is this possible with a single SP with advanced federation AND skip the IdP choosing page?

I have tried appending the realmID to the auth string but no luck. Maybe I am missing something, as I am new to SAML/SimpleSAMLphp etc.

It would be great if anyone out there has made this work. Imagine it as the Auth test page on SimpleSAMLphp having many options such as wso2-all (shows the login page with options), wso2-facebook (loads just the FB login), and so on - BUT I only want the single SP instance for this SimpleSAMLphp SP.

Thank you in advance

Anthony R

1 Answer

Do you have multiple login options?

If you don't need that and just need one IDP (like Facebook), in the 'Local and Outbound configuration' of the Service Provider config, you can just select your IDP as the federated IDP.

Then Identity Server's login page would not be displayed; instead you would directly see the IDP's (e.g. Facebook) login page.

However, if you have multiple login options, Identity Server will display its login page so the user has to pick the particular option.

A basic guide for working with IS and simplesamlphp is in [1].

[1] http://tharindue.blogspot.com/2015/05/setting-up-wso2-identity-server-as.html

thariyarox
  • Thanks for this, so there is no way to use that single ServiceProvider (which already has advanced federation set up) and force it to connect with a single IdP? – Anthony R Aug 21 '16 at 22:47
  • Having the 'Advanced' option in 'Local & Outbound Authenticator Configuration' is fine. However, in your Step1, you can remove unwanted authenticators from there. If you don't want Basic authentication, you can delete it from there. If you have multiple IDPs, you can keep only the required IDP in the federated authenticators list. This way you keep the advanced option and it will still redirect to the required federated IDP automatically, as you have only one authenticator engaged in Step1. – thariyarox Aug 25 '16 at 01:49
  • However, if the above is not possible for you, you can do a customization and still get the work done. For that, you can modify the IS_HOME/repository/deployment/server/webapps/authenticationendpoint/login.jsp file. This is the file that contains the UI of the login page of IS. Here, you can modify the JSP such that it retrieves the URL of your particular IDP and auto-clicks the button or redirects to that IDP. – thariyarox Aug 25 '16 at 01:49