SSO/SAML question

We have set up SSO/SAML for our on-prem application. We want everyone to go through SSO for logging in. We still hit the login page which prompts to enter a local account. If we type the url/SSO then we get to the SSO login page. How can we have users just type the url and they should get to SSO sign in page. Thse are the constant settings . Can you please suggest what is missing in the setup, so that users can get to SSO login page when they access the application url.  SAML20.BindingURI_Redirect: false   SAML20.DefaultLoginPage:    SAML20.DefaultLogoutPage: /SSO/   SAML20.SSOLandingPage: index3.html   Thanks, Raj  
4 answers

Hi Raj,

Here is a snippet from the modules documentation. Did you try this? The index file is located in the theme folder in your project.

  • SSOLandingPage, You could specify a different landing page here, for example: When you would like to redirect all user, accessing the application url, to the Saml login.  This requires you to change the index.html page by adding '<meta http-equiv="refresh" content="0;URL=/SSO/" />', you don't want to end up on 'index.html' again after a login attempt.  By changing this constant to '/index3.html', you'll land on index3.html instead of index.html.  Off course you will need to add an 'index3.html' page to your theme in this case! (You can copy the original index.html into index3.html)



I tried that still gets me to login.html which prompts for local user name.



index.html has the following edit




        <meta charset="utf-8">

        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">

                <meta http-equiv="refresh" content="0;URL=/SSO/" />



index3.html is a copy of index.html but without the above SSO line

These are the constants set:


  SAML20.BindingURI_Redirect: false


  SAML20.DefaultLogoutPage: '/SSO/'

  SAML20.SSOLandingPage: '/index3.html'





I did not do any clean up. This is what we have in web folder

[apmdxlm@appprd01mdx web]$ ls
components.json        index-phone-preview.html      login-with-sso.html.gz
config.rb              index-phone-preview.html.gz   logo.jpg
css                    index-rtl.html                logo.png
favicon.ico            index-rtl.html.gz             metamodel.json
img                    index-tablet-preview.html     mxclientsystem
index3.html            index-tablet-preview.html.gz  pages
index3.html.gz         js                  
index-example.html     lib                 
index-example.html.gz  LICENSE                       settings.json
index.html             login.html                    styles
index.html.bak         login.html.gz                 unifirst-logo.gif
index.html.gz          login-with-sso.html           widgets


Why not create an extra button on your login page that redirects to the SSO. We always use that option because MxAdmin still sometimes need to log into the environment. So the login page should be reachable imho.