...

Login flows can return custom Spring Web Flow events in addition to the events that are hardwired into the system. This is most typical in the Password or MFA flows, but it is generally applicable. It usually arises from mapping a specific error message to an event by means of a "classified message" map, or in advanced cases it might be triggered by a button or other user input on a login form to cause some other login method to execute.

...

Authorizing custom login flow events in conf/authn/authn-events-flow.xml:

    <end-state id="MyCustomEvent" />

    <global-transitions>
        <transition on="MyCustomEvent" to="MyCustomEvent" />
        <transition on="#{!'proceed'.equals(currentEvent.id)}" to="InvalidEvent" />
    </global-transitions>
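
A consistency check for the fragment above, as an added example that is not part of the original page or of the Shibboleth project: it reports custom end-states that have no authorizing global transition, or whose transition is listed after the catch-all and so can never match. The sample flow, the `Forgotten` event and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's fragment wrapped in a <flow> root, plus one
# end-state ("Forgotten") that was declared but never given a transition.
SAMPLE_FLOW = """
<flow xmlns="http://www.springframework.org/schema/webflow">
    <end-state id="MyCustomEvent" />
    <end-state id="Forgotten" />
    <global-transitions>
        <transition on="MyCustomEvent" to="MyCustomEvent" />
        <transition on="#{!'proceed'.equals(currentEvent.id)}" to="InvalidEvent" />
    </global-transitions>
</flow>
"""

def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def check_events(flow_xml):
    """Return a list of problems with custom event authorization in the flow."""
    root = ET.fromstring(flow_xml)
    end_states = [e.get("id") for e in root.iter() if local(e.tag) == "end-state"]
    transitions = [(t.get("on"), t.get("to"))
                   for gt in root.iter() if local(gt.tag) == "global-transitions"
                   for t in gt if local(t.tag) == "transition"]
    # The catch-all is the first transition routing to InvalidEvent. Spring Web
    # Flow tries transitions in order, so anything listed after it never matches.
    catch_all = next((i for i, (_, to) in enumerate(transitions)
                      if to == "InvalidEvent"), len(transitions))
    problems = []
    for event in end_states:
        idx = next((i for i, (on, to) in enumerate(transitions)
                    if on == event and to == event), None)
        if idx is None:
            problems.append(f"{event}: no global transition authorizes it")
        elif idx > catch_all:
            problems.append(f"{event}: transition follows the catch-all and is unreachable")
    return problems

if __name__ == "__main__":
    for problem in check_events(SAMPLE_FLOW):
        print(problem)
```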

In many cases, you also want this custom event to result in a custom error message/page at the IdP rather than a response to the SP. This isn't the default for most events, but you can modify the shibboleth.LocalEventMap bean in conf/errors.xml to change the behavior, and add custom error messages for the standard error view to messages/messages.properties. See ErrorHandlingConfiguration for details.

"Initial Authentication"

Note

This feature pre-dates the development of the Multi-Factor login flow, and in virtually all cases the Multi-Factor flow should be used in place of this feature. It is deprecated and will be removed in V4.0.

In addition, you should consider the value of the idp.authn.identitySwitchIsError property. The default of "false" can result in anomalous behavior if the authenticated identity produced during the "regular" authentication sequence doesn't match the value produced initially.

...