How to Add a "Wait" page to your IdP

Overview

If you are seeing noticeable delays after authentication, you can add a "please wait" screen which will be displayed until the application takes over the display. The delay may be due to slow processing of the attributes that the IdP is sending to the SP or just some sporadic network delays. 

Shibboleth IdP version 2.x

In the 2.x version there are four velocity template files that need to be updated. They are contained in the opensaml jar that is part of the idp.war. There are few things to do:

  1. Find the opensamlxxx.jar file that is located in the idp/lib directory
  2. Export the template files into another directory that you will use for editing. Let's call it mytemplates.
  3. Add text to the four files that indicates that the user has been authenticated, but may need to wait a moment for the app to start.
  4. Put the files in an archive that uses the directory as part of the path.
  5. Add the archive to your ClassPath (note: tomcat 6.x starts a fresh CLASSPATH variable in the startup.sh)
  6. Edit the conf/internal.xml file with the new directory path (mytemplates)
  7. Restart your IdP

Files and contents

The files are saml1-post-binding.vm, saml2-post-artifact-binding.vm, saml2-post-binding.vm, saml2-post-simplesign-binding.vm.

Example contents for saml2-post-binding.vm. Add the following to the existing contents:

<div id="alert">Your login is being processed. Thank you for waiting.</div>
 
       <style type="text/css">
       <!--
       #alert {
       margin:100px 250px;
       font-family: Verdana, Arial, Helvetica, sans-serif;
       font-size:14px;
       font-weight:normal;
       }
       -->
       </style>
##
## Velocity Template for SAML 2 HTTP-POST binding
##
## Velocity context may contain the following properties
## action - String - the action URL for the form
## RelayState - String - the relay state for the message
## SAMLRequest - String - the Base64 encoded SAML Request
## SAMLResponse - String - the Base64 encoded SAML Response
 
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
 
    <body onload="document.forms[0].submit()">
        <noscript>
            <p>
                <strong>Note:</strong> Since your browser does not support JavaScript,
                you must press the Continue button once to proceed.
            </p>
        </noscript>
 
 
       <div id="alert">Your login is being processed. Thank you for waiting.</div>
 
       <style type="text/css">
       <!--
       #alert {
       margin:100px 250px;
       font-family: Verdana, Arial, Helvetica, sans-serif;
       font-size:14px;
       font-weight:normal;
       }
       -->
       </style>
         
        <form action="${action}" method="post">
            <div>
                #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end
                 
                #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end
                 
                #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
                 
            </div>
            <noscript>
                <div>
                    <input type="submit" value="Continue"/>
                </div>
            </noscript>
        </form>
         
    </body>
</html>