When a SAML 2 environment is set up to federate between an Identity Provider (IDP) and a Service Provider (SP), the user is always prompted to consent to the federation before it proceeds. For example, if a user hits an IDP intersite transfer URL, authenticates, and is redirected to the SP the user is federating with, the following message appears in the browser:
The administrator does not want the user to be prompted to federate, but no option in the Administration Console appears to change this behaviour. Going to the 'User Interaction Settings' option under the IDP server's Liberty -> Web Service Consumer and disabling user interactions had no effect, because that setting governs Liberty Web Service Consumer prompts rather than SAML federation consent.
Make sure the IDP servers are on Access Manager 3.1 Support Pack 3 or later, then set the federationConsent parameter in the IDP web.xml file to true. On Linux IDP servers this file is located at /var/opt/novell/tomcat5/webapps/nidp/WEB-INF/, and on Windows IDP servers at C:\Program Files\Novell\Tomcat\webapps\nidp\WEB-INF\. Bear in mind that the prompt is the user's explicit approval of linking the IDP identity to the SP account; with it disabled, that link is created silently on the first intersite transfer, so apply this only where that is intended.
The default web.xml file already has the ldapLoadThreshold parameter set, so add the federationConsent parameter directly below it, as shown below.
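The edit described above, as an added example (my own script, not code from the original Cool Solutions article or from Access Manager): it checks whether federationConsent is set in a web.xml and, if not, inserts it as a <context-param> directly after the ldapLoadThreshold entry, without duplicating it on a second run. The sample web.xml inside it is constructed to resemble the nidp layout; the ldapLoadThreshold value in it is a placeholder, not the product default, and the assumption that both parameters are ordinary servlet <context-param> entries directly under <web-app> is mine, not something the article states.

```python
"""Check or set federationConsent in an IDP web.xml. Added example, not code
from the original Cool Solutions article or from Access Manager; it assumes
ldapLoadThreshold and federationConsent are plain servlet <context-param>
entries directly under <web-app>, which may carry a default namespace."""
import xml.etree.ElementTree as ET

# Constructed sample resembling the nidp web.xml layout; the ldapLoadThreshold
# value is a placeholder, not the product default.
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <display-name>nidp</display-name>
  <context-param>
    <param-name>ldapLoadThreshold</param-name>
    <param-value>5</param-value>
  </context-param>
  <servlet>
    <servlet-name>placeholder</servlet-name>
    <servlet-class>com.example.Placeholder</servlet-class>
  </servlet>
</web-app>
"""

def _local(tag):
    """'{uri}param-name' -> 'param-name'; un-namespaced tags pass through."""
    return tag.rsplit('}', 1)[-1]

def _namespace(root):
    """Namespace URI of the root element, or '' if it has none."""
    return root.tag[1:].split('}', 1)[0] if root.tag.startswith('{') else ''

def _name_value(cp):
    """(param-name text, <param-value> element or None) of one context-param."""
    name, value = '', None
    for child in cp:
        if _local(child.tag) == 'param-name':
            name = (child.text or '').strip()
        elif _local(child.tag) == 'param-value':
            value = child
    return name, value

def _context_params(root):
    """Yield (child index, element) for each <context-param> under <web-app>."""
    for i, child in enumerate(list(root)):
        if _local(child.tag) == 'context-param':
            yield i, child

def context_param_names(xml_text):
    """Ordered context-param names, to confirm where an entry landed."""
    return [_name_value(cp)[0] for _, cp in _context_params(ET.fromstring(xml_text))]

def get_context_param(xml_text, name):
    """Value of context-param `name`, or None if it is absent."""
    for _, cp in _context_params(ET.fromstring(xml_text)):
        pname, value = _name_value(cp)
        if pname == name:
            return (value.text or '').strip() if value is not None else ''
    return None

def set_context_param(xml_text, name, value, after='ldapLoadThreshold'):
    """Set context-param `name` to `value`, inserting it right after `after`.
    Idempotent: an existing entry is updated, never duplicated. If `after`
    is not present the new entry is appended to <web-app> instead."""
    root = ET.fromstring(xml_text)
    ns = _namespace(root)
    if ns:
        ET.register_namespace('', ns)  # serialise as xmlns="...", not ns0:
    q = (lambda t: '{%s}%s' % (ns, t)) if ns else (lambda t: t)
    anchor = None
    for i, cp in _context_params(root):
        pname, velem = _name_value(cp)
        if pname == name:  # already there: update in place and stop
            if velem is None:
                velem = ET.SubElement(cp, q('param-value'))
            velem.text = value
            return ET.tostring(root, encoding='unicode')
        if pname == after:
            anchor = i
    new = ET.Element(q('context-param'))
    new.text = '\n    '  # indentation matching the sample's two-space style
    ET.SubElement(new, q('param-name')).text = name
    new[-1].tail = '\n    '
    ET.SubElement(new, q('param-value')).text = value
    new[-1].tail = '\n  '
    if anchor is None:
        new.tail = '\n'
        root.append(new)
    else:
        new.tail = root[anchor].tail  # reuse the anchor's trailing whitespace
        root.insert(anchor + 1, new)
    return ET.tostring(root, encoding='unicode')

def apply_to_file(path, value='true'):
    """Rewrite `path` so federationConsent=value; True if anything changed."""
    with open(path, encoding='utf-8') as f:
        text = f.read()
    if get_context_param(text, 'federationConsent') == value:
        return False
    with open(path, 'w', encoding='utf-8') as f:
        f.write(set_context_param(text, 'federationConsent', value))
    return True
```

Call apply_to_file() with the path of the web.xml given above (on a copy first), then restart Tomcat on the IDP so the new context parameter is read. ElementTree discards XML comments and the XML declaration when it re-serialises, so diff the result against the original and paste the <context-param> block in by hand if you need those preserved; get_context_param() is still useful afterwards to verify that the value really reads as true on every IDP server in the cluster.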
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.