[midPoint] How to set up a shibboleth service provider with emergency login

[Wang, Xiaoshu]

Hi, I wonder how to front midpoint with a Shibboleth service provider, along with an alternative emergency path?

My plan is to front midpoint with a Shibboleth Service Provider and use the httpHeader to pass the user from Shibboleth’s IDP. In setting up Shib SP, I can list the URL’s to protect or exclude. I have excluded /midpoint/auth/emergency as well as /midpoint/login from the Shib protected path. This indeed allows me to use it to show the login form. However, after entering username and password, the UI is redirect to /midpoint/self/dashboard, which again requires the Shib session.

Since /midpoint/self/dashboard seems to be the landing place of all login path. It renders the emergency auth URI useless. I wonder if I have done something wrong or the two modules, httpHeader and emergency auth are just incompatible?

Xiaoshu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20211004/19ab89e3/attachment.htm>