SAML Plugin: automatic redirect to third-party Identity Provider

authentication
saml
(Alex) #1

With the SAML plugin enabled one can choose to log in via SAML or internal user directory (user + password). It would be nice to have a configuration option to automatically get redirected to the login page of the Identity Provider (i.e. Keycloak).

Other plugins (i.e. the EasySSO plugin for Atlassian Confluence / Jira) offer this option, too. When a login with an internal user is required, there is the possibility to append ?sso=false to the URL.

(Julien Lancelot) #2

This feature is interesting, and by the way it would not be specific to SAML but to all identity providers (GitHub, Bitbucket, Azure, Google, etc.). It would allow to be automatically redirected to the provider when clicking on the login button.

It would require to have only one identity provider, or to be able to configure which one will be the one that will be automatically used.

The first drawback I can see is that where there are some permission errors (trying to access to a page without having the right permission for instance), the user should be redirected somewhere else as now he’s redirected to the login page. But let’s say it’s a technical detail :).

Let’s see if other people are voting for this feature before creating a JIRA ticket/idea.

1 Like
(Wisznewski) #3

´+1 for bitbucket :slight_smile:

(Fabian Lang) #4

+1 for the redirect to a default Identity Provider und +1 for a mechanism to use a technical (internal) user.