This section of the SAML documentation covers how to achieve what you’re looking for.
In short:
<meta http-equiv="refresh" content="0;URL=/SSO/" />
I would also add that it is probably a better idea to rename index.html to fdsfdsy78vcds08iur2389chediuhcadjkszhijuacdsv99.html , this will make it still possible for a developer to log in using username/password, for instance when having to bootstrap the system of whenever your identity provider is down.
Security-wise there is not a huge difference between obscuring and removing.
Thanks – I’m trying it as we speak and i agree with the renaming. We don’t want to lose the ability just hide it.
I have tried removing or renaming the login.html in my Themes folder and it just recreates it.