Cannot disable question whether user concents to federate with service provider

  • 7008751
  • 08-Jun-2011
  • 26-Apr-2012


Novell Access Manager 3.1 Linux Novell Identity Server
Novell Access Manager 3.1 Windows Novell Identity Server
Novell Access Manager 3.1 Support Pack 3 must be applied at a minimum


When a SAML 2 environment is setup to federate between an Identity Provider (IDP) and Service Provider (SP), the user is always prompted to consent to the federation before it progresses. For example, If a user hits an IDP intersite transfer URL, authenticates and gets redirected to the SP the user is federating with, the following message appears on the browser:

he Service Provider being authenticated has requested account federation with this site.
Service Provider domain:
Do you give consent for this federation?"

The Administrator
does not want the user to be prompted to federate but no option seems to exist in the Admin Console that can can change this default behaviour - Admin tried going to the 'User Interaction Settings' option under the IDP servers Liberty -> Web service consumer and disabled user interactions but this had no effect.


Modify the web.xml initialization parameter with the following setting to disable the user getting prompted whether user consents to federate with service provider.


This web.xml file is located under $TOMCAT_HOME/webapps/nidp/WEB-INF/web.xml for both WIndows
and Linux based IDP servers.

Additional Information

An example position to add it into is just below the ldapLoadThreshold parameter, as shown below.