...

IdP flow configuration should be accomplished using a preconfig.xml and postconfig.xml bean file in the src/main/resources/META-INF/net.shibboleth.idp/ directory of your plugin. These are then loaded either before or after global-system.xml: preconfig is overridden by global-system, and global-system is overridden by postconfig.

Info

The configuration below is incorrect and manual; a better automagical installation process is being discussed. This should be added to the postconfig.xml; will finish and update.

Add the flow to the list of available authentication flows in general-authn.xml with idp-conf:

Code Block
<!-- MODIFY these properties as appropriate -->
<bean id="authn/plugin" parent="shibboleth.AuthenticationFlow"
        p:forcedAuthenticationSupported="true"
        p:nonBrowserSupported="false">
    <property name="supportedPrincipals">
        <list>
            <bean parent="shibboleth.SAML2AuthnContextClassRef"
                    c:classRef="http://example.org/ac/classes/mfa" />
            <bean parent="shibboleth.SAML1AuthenticationMethod"
                    c:method="http://example.org/ac/classes/mfa" />
        </list>
    </property>
</bean>

Info

Should these be overridden on the test classpath in the testbed rather than added to the IdP project?


Registering new Spring Servlets/Controllers

...

  • Container servlets with annotations, e.g. '@WebServlet'. Jetty would need to register these; they will not have access to the Spring context for bean injection.
  • Container servlets in the web.xml. They will not have access to the Spring context for bean injection.
    • Or a servlet using the DelegatingFilterProxy, which will then allow access to the Spring context.
  • Spring controllers with annotations, e.g. '@Controller'. Spring needs to register these, so they must be in an 'outer' Spring configuration file, i.e. not inside a Spring Web Flow bean definition file (I think?). It can be used to wire up any Spring bean.

A borrowed mechanism (similar to that used for the postconfig in the previous section) for loading webflow config beans from the classpath seems to work: add the controller config to src/main/resources/META-INF/net.shibboleth.idp/postwebflow-config.xml. This is picked up by the Spring DispatcherServlet config as part of the idp servlet.
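
A sketch of what such a postwebflow-config.xml could contain, as an added example rather than the project's own configuration. The controller class, its collaborator, the property and the bean ids are hypothetical, and it assumes the DispatcherServlet context that loads this file already maps '@Controller' beans.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- src/main/resources/META-INF/net.shibboleth.idp/postwebflow-config.xml -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Hypothetical collaborator that the controller depends on. It is an
         ordinary Spring bean, so it can be wired like any other bean. -->
    <bean id="example.plugin.CallbackValidator"
          class="org.example.idp.plugin.CallbackValidator"
          p:maxAgeSeconds="300" />

    <!-- Hypothetical controller class annotated with '@Controller'.
         It is declared explicitly instead of through component scanning,
         so the set of endpoints the plugin adds to the idp servlet stays
         visible in this one file and is easy to review.
         c:_0-ref passes the collaborator as the first constructor argument. -->
    <bean id="example.plugin.CallbackController"
          class="org.example.idp.plugin.CallbackController"
          c:_0-ref="example.plugin.CallbackValidator" />

</beans>
```

Request mappings declared on the controller are served by the idp servlet, so they need the same review as any other endpoint the IdP exposes.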