...
```xml
<bean id="shibboleth.AvailableInterceptFlows" parent="shibboleth.DefaultInterceptFlows" lazy-init="true">
    <property name="sourceList">
        <!-- merge="true" appends these flows to the built-in list instead of replacing it -->
        <list merge="true">
            <bean id="intercept/aws/inbound" parent="shibboleth.InterceptFlow" />
            <!-- The outbound flow only runs when the condition below is true -->
            <bean id="intercept/aws/outbound" parent="shibboleth.InterceptFlow" p:activationCondition-ref="AmazonAssumeRoleCondition" />
        </list>
    </property>
</bean>

<bean id="AmazonAssumeRoleCondition" parent="shibboleth.Conditions.Scripted" factory-method="inlineScript">
    <constructor-arg name="scriptSource">
        <value>
        <![CDATA[
        // profileContext is bound by the IdP for scripted conditions.
        // Look up the custom context by class name; it is null if the inbound flow did not attach it.
        var amazonCtx = profileContext.getSubcontext("org.example.shibboleth.idp3.amazon.AmazonRequestContext");
        // Put the literal on the left so a null action evaluates to false instead of throwing a NullPointerException.
        amazonCtx != null && "AssumeRoleWithSAML".equals(amazonCtx.getAction());
        ]]>
        </value>
    </constructor-arg>
</bean>
```
Note that the relying-party override below sets inboundInterceptorFlows explicitly, and setting that property replaces the default list rather than appending to it. That is why the list names the built-in security-policy/saml2-sso flow alongside the custom aws/inbound flow; leaving the built-in flow out would disable the inbound security policy checks for this relying party. Also, signResponses="false" only turns off signing of the Response element, and the SAML2.SSO profile does not sign assertions by default, so add p:signAssertions="true" to the same profile bean (unless assertion signing is already enabled in your defaults) so that the message delivered to AWS still carries a signature.
conf/relying-party.xml
```xml
<bean p:id="Amazon" parent="RelyingPartyByName" c:relyingPartyIds="urn:amazon:webservices">
    <property name="profileConfigurations">
        <list>
            <bean parent="SAML2.SSO"
                p:signResponses="false"
                p:maximumSPSessionLifetime="PT9H"
                p:inboundInterceptorFlows="#{{'security-policy/saml2-sso', 'aws/inbound'}}"
                p:outboundInterceptorFlows="aws/outbound" />
        </list>
    </property>
</bean>
```
...