...
For this to work with application-level beans set by the IdP, the DynamicResponseHeaderFilter must be ordered above the CookieBufferingFilter in web.xml, e.g.:
```xml
<!-- DynamicResponseHeaderFilter is mapped first so that it is ordered above CookieBufferingFilter -->
<filter-mapping>
    <filter-name>DynamicResponseHeaderFilter</filter-name>
    <url-pattern>/profile/admin/*</url-pattern>
    <url-pattern>/profile/Shibboleth/SSO</url-pattern>
    <url-pattern>/profile/SAML2/Unsolicited/SSO</url-pattern>
    <url-pattern>/profile/SAML2/Redirect/SSO</url-pattern>
    <url-pattern>/profile/SAML2/POST/SSO</url-pattern>
    <url-pattern>/profile/SAML2/POST-SimpleSign/SSO</url-pattern>
    <url-pattern>/profile/SAML2/Artifact/SSO</url-pattern>
    <url-pattern>/profile/cas/login</url-pattern>
    <url-pattern>/Authn/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CookieBufferingFilter</filter-name>
    <url-pattern>/profile/admin/*</url-pattern>
    <url-pattern>/profile/Logout</url-pattern>
    <url-pattern>/profile/Shibboleth/SSO</url-pattern>
    <url-pattern>/profile/SAML2/Unsolicited/SSO</url-pattern>
    <url-pattern>/profile/SAML2/Redirect/SSO</url-pattern>
    <url-pattern>/profile/SAML2/POST/SSO</url-pattern>
    <url-pattern>/profile/SAML2/POST-SimpleSign/SSO</url-pattern>
    <url-pattern>/profile/SAML2/Artifact/SSO</url-pattern>
    <url-pattern>/profile/SAML2/Redirect/SLO</url-pattern>
    <url-pattern>/profile/SAML2/POST/SLO</url-pattern>
    <url-pattern>/profile/SAML2/POST-SimpleSign/SLO</url-pattern>
    <url-pattern>/profile/SAML2/Artifact/SLO</url-pattern>
    <url-pattern>/profile/cas/login</url-pattern>
</filter-mapping>
```
Info: Note that the DynamicResponseHeaderFilter intercepts fewer URLs than the current implementation of the SameSite Servlet Filter (which intercepts all requests to the IdP); the URLs it misses are mostly SLO endpoints.
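To check both points in a deployed descriptor (the mapping order, and which CookieBufferingFilter endpoints the DynamicResponseHeaderFilter does not cover), the following is an added example, not part of the original page or the IdP code base. The function names and the trimmed sample web.xml are constructed for illustration, and URL patterns are compared as literal strings, so wildcards are not expanded.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed web.xml using the filter names from this page.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <filter-mapping>
    <filter-name>DynamicResponseHeaderFilter</filter-name>
    <url-pattern>/profile/SAML2/Redirect/SSO</url-pattern>
    <url-pattern>/profile/cas/login</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CookieBufferingFilter</filter-name>
    <url-pattern>/profile/Logout</url-pattern>
    <url-pattern>/profile/SAML2/Redirect/SSO</url-pattern>
    <url-pattern>/profile/SAML2/Redirect/SLO</url-pattern>
    <url-pattern>/profile/cas/login</url-pattern>
  </filter-mapping>
</web-app>"""

def local(tag):
    """Drop the XML namespace so any web.xml schema version is handled."""
    return tag.rsplit("}", 1)[-1]

def read_mappings(web_xml_text):
    """Return [(filter_name, [url_patterns])] in descriptor order."""
    mappings = []
    for el in ET.fromstring(web_xml_text).iter():
        if local(el.tag) != "filter-mapping":
            continue
        name, patterns = None, []
        for child in el:
            if local(child.tag) == "filter-name":
                name = (child.text or "").strip()
            elif local(child.tag) == "url-pattern":
                patterns.append((child.text or "").strip())
        mappings.append((name, patterns))
    return mappings

def audit(web_xml_text, header="DynamicResponseHeaderFilter", cookie="CookieBufferingFilter"):
    """Check mapping order; list cookie-filter patterns the header filter lacks."""
    mappings = read_mappings(web_xml_text)
    names = [n for n, _ in mappings]
    if header not in names or cookie not in names:
        raise ValueError("both filters must have a <filter-mapping>")
    covered = {p for n, ps in mappings if n == header for p in ps}
    gaps = [p for n, ps in mappings if n == cookie for p in ps if p not in covered]
    return {"ordered_first": names.index(header) < names.index(cookie), "uncovered": gaps}

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_XML))
```

Run against the real descriptor with `audit(open("web.xml").read())`; any SLO or logout paths in `uncovered` are responses on which the header filter never runs.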