Shibboleth SSO as default authorization provider


#1

I’d like to define my Shbboleth SSO authorization provider as the default auth provider. But when I add ‘default: True’ to this provider, I get an ‘internal error’ message the next time I connect to Indico (or at least try to log in). I cannot find an error in any log file… Any hint?

Michel


#2

The default flag makes no sense on SSO and any other provider that redirects you to another page: It selects which input fields are shown by default (if there are e.g. local accounts and username/password-based LDAP accounts). But SSO providers redirect to an external page…

If you want the login page to not show up at all but an immediate redirect to SSO, simply disable local accounts.


#3

Thanks, I probably misunderstood what the default flag was intended for. I thought it was to control which auth provider was appearing first in the list of auth providers available in the login page. My goal was to have Shibboleth SSO appearing first as it should be the most pervasive option and then have the others.


#4

Ah, I’m afraid there’s no option for that - we always show form-based ones first and then the SSO ones