TechFanDan

Reputation: 3482

Force Shibboleth to redirect to a specific URL after authentication

I'm trying to fulfill a requirement to always have a user be redirected to the same URL after being authenticated through Shibboleth.

At the moment, it redirects to the referrer (which can change), which we want to ignore and replace with our own (that never changes).

Update #1

Unsure if I need to do this at the SP or IDP level.

Upvotes: 8

Views: 10519

Answers (2)

Dhanraj Acharya

Reputation: 493

We had the same requirement. Follow the steps below:

You need to make a change in your Shibboleth IdP. You can create one relying party and specify the location of its metadata file. In this service provider's metadata file, there is one attribute named saml consumer. Set this value to where you want to point the user after successful authentication.

In our case, we had only one service provider, so we created only one entry in relying party and disabled the other/default relying parties. After this, we added a static SP metadata file which contained the URL of the consumer.

Upvotes: 0

Bren1818

Reputation: 2752

I think we have a similar question; I was searching for an answer to my question when I came across yours. To make sure I have you right, and to make this question bump up in the search rankings, you're (likely) wanting to have your SP redirect you to a specific URL after login. What is your stack setup? Apache?

If you look at the Shibboleth documents - specifically:

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessionInitiator and https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings and https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessionCreationParameters

you will find that there is a "Location" attribute and a "target" attribute which may meet your needs.

Location (relative path) The location of the SessionInitiator (when combined with the base handlerURL). This is the location to redirect to when manually initiating a session using the query string protocol.

target (URL) (Version 2.4 and Above) Allows the resources to return to after SSO to be "locked" to a specific value, even when running as a result of active protection of other resources. In other words, this value overrides the actual resource location when SSO redirection is automatic, including initial access and after a timeout.

In theory you should be able to add these to your configuration. For me, I need to figure out how to do this dynamically, so that if a file is clicked on, you're redirected back to it after logging in.

Upvotes: 0
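As an added example (not part of either answer and not copied from the Shibboleth documentation), this is how the `target` content setting quoted in the answer above could be applied on an Apache SP. It assumes Apache with mod_shib and SP version 2.4 or later; the `/secure` path and the `sp.example.org` URL are placeholders.

```apache
# Assumed layout: everything under /secure is protected by the Shibboleth SP.
<Location /secure>
    AuthType shibboleth

    # Start SSO automatically when there is no session (active protection).
    ShibRequestSetting requireSession 1

    # Lock the post-SSO return location to one fixed URL (placeholder).
    # Per the documentation quoted above, this overrides the resource that
    # was actually requested when SSO redirection is automatic, including
    # initial access and after a session timeout.
    ShibRequestSetting target https://sp.example.org/secure/landing

    Require valid-user
</Location>
```

Because the quoted description covers only automatic SSO redirection, requests sent by hand to the SessionInitiator `Location` with their own target value should be tested separately.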
