Versions Compared

Old Version 10

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 11

changes.mady.by.user Rod Widdowson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note

Once control is transferred to the external path, the IdP has no control over what happens. While the sensitivity of this feature is much less than with the authentication use case, it's still the deployer's responsibility to ensure the external code does what it's meant to do.

General Configuration

localtab-livetrue
Localtabgroup
Expand
titleV4.0

Use conf/intercept/external-intercept-config.xml to configure this flow.

The shibboleth.intercept.externalPath bean defines the flow redirection path to the resource that's used to perform the external interceptor's logic, by default a context-relative location. It must be a resource with access to the container session. Modify as needed to match the location of your external interface (see the documentation on flow redirects).

You may also dynamically derive the path to use, typically so that it can vary based on aspects of the request, by defining a bean named shibboleth.intercept.externalPathStrategy of type Function<ProfileRequestContext,String>

Localtab live
active
Expand
titleV4.1+

The idp.intercept.External.externalPath property defines the flow redirection path to the resource that's used to perform the external interceptor's logic, by default a context-relative location. It must be a resource with access to the container session. Modify as needed to match the location of your external interface (see the documentation on flow redirects).

On upgraded systems, the legacy file conf/intercept/external-intercept-config.xml may be removed if the property is defined in place of the original bean.

You may also dynamically derive the path to use, typically so that it can vary based on aspects of the request, by defining a bean (e.g., in global.xml) named shibboleth.intercept.externalPathStrategy of type Function<ProfileRequestContext,String>

...

On first access to the external resource, the request attributes below will be set.

Name

Type

Function

opensamlProfileRequestContext

ProfileRequestContext

Access to full request context tree

Outputs

Name

Type

Function

event         

String

ID of event to signal as result of the flow (defaults to "proceed" for a successful/continue outcome)

Reference

localtab-live
Localtabgroup
Expand
titleBeans (V4.0)

The beans defined in conf/intercept/external-intercept-config.xml follow:

Name

Type

Default

Description

shibboleth.intercept.externalPath

String

contextRelative:intercept.jsp

Spring Web Flow redirection expression for the resource

shibboleth.intercept.externalPathStrategy

Function<ProfileRequestContext,String>


A function that returns the redirection expression to use for the resource

localtab-live
true
Expand
titleBeans (V4.1+)

The following bean may be defined in conf/global.xml:

Name

Type

Description

shibboleth.intercept.externalPathStrategy

Function<ProfileRequestContext,String>

A function that returns the redirection expression to use for the resource

Localtab live
active
Expand
titleProperties (V4.1+)

The following properties may be defined in idp.properties:

Name

Default

Description

idp.intercept.External.externalPath

contextRelative:intercept.jsp

Spring Web Flow redirection expression for the resource