I found the triggerchallenge as a setting in 'class' => 'privacyidea:serverconfig' in the auth proc filter to load privacyIDEA in simplesamlphp. Changing it makes it possible to make the passonnotoken work, but the user still gets the dialog window for the pin + otp. However, it passes when left empty.
I didn't get the passonnouser working. It seems that the simplesaml module sends to endpoint /validate/samlcheck rather than to /validate/check. Maybe that is why passonnouser doesn't work? Just a thought.
But looking again at that configuration file, I noticed the enabledPath/enabledKey settings, which seem to make it possible to not send users to privacyIDEA at all if certain criteria are met. That would also solve my problem.
I found the discussion "Authproc filter in simpleSAMLphp", which unfortunately doesn't seem to be resolved and does not have an example of a working configuration.
My aim is now to set the enabledKey to false for users having the student attribute set to 1. If someone has a working configuration example for skipping privacyIDEA, based on a user's attribute, that would be most helpful.