Versions Compared

Old Version 7

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 8

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Current File(s): conf/intercept/external-intercept-config.xml (V4.0), conf/idp.properties (V4.1+)
Format: Native Spring, Properties (V4.1+)

Table of Contents

Overview

The "external" interceptor flow is analagous to the External login flow, but for interceptors. It allows an interceptor to be implemented outside of the IdP's Spring WebFlow architecture and routes through a bridge generally implemented in a Java servlet or JSP page, but can be combined with additional redirects out of and then back into the IdP for additional development flexibility.

...

General Configuration

Localtabgroup

Localtab-live
titleV4.0

Use conf/intercept/external-intercept-config.xml to configure this flow.

The shibboleth.intercept.externalPath bean defines the flow redirection path to the resource that's used to perform the external interceptor's logic, by default a context-relative location. It must be a resource with access to the container session. Modify as needed to match the location of your external interface (see the documentation on flow redirects).

You may also dynamically derive the path to use, typically so that it can vary based on aspects of the request, by defining a bean named shibboleth.intercept.externalPathStrategy of type Function<ProfileRequestContext,String>

Localtab-live
activetrue
titleV4.1+

The idp.intercept.External.externalPath property defines the flow redirection path to the resource that's used to perform the external interceptor's logic, by default a context-relative location. It must be a resource with access to the container session. Modify as needed to match the location of your external interface (see the documentation on flow redirects).

On upgraded systems, the legacy file conf/intercept/external-intercept-config.xml may be removed if the property is defined in place of the original bean.

You may also dynamically derive the path to use, typically so that it can vary based on aspects of the request, by defining a bean (e.g., in global.xml) named shibboleth.intercept.externalPathStrategy of type Function<ProfileRequestContext,String>

API

The ExternalInterceptor class makes up the interface between the external code and the IdP. The general flow is:

...

NameTypeFunction
event         StringID of event to signal as result of the flow (defaults to "proceed" for a successful/continue outcome)

Reference

Localtabgroup

Localtab-live
titleBeans (V4.0)

The beans defined in conf/intercept/external-intercept-config.xml follow:

NameTypeDefaultDescription
shibboleth.intercept.externalPathStringcontextRelative:intercept.jsp

Spring Web Flow redirection expression for the resource

shibboleth.intercept.externalPathStrategyFunction<ProfileRequestContext,String>
A function that returns the redirection expression to use for the resource

Localtab-live
titleBeans (V4.1+)

The following bean may be defined in conf/global.xml:

NameTypeDescription
shibboleth.intercept.externalPathStrategyFunction<ProfileRequestContext,String>A function that returns the redirection expression to use for the resource

Localtab-live
activetrue
titleProperties (V4.1+)

The following properties may be defined in idp.properties:

NameDefaultDescription
idp.intercept.External.externalPathcontextRelative:intercept.jspSpring Web Flow redirection expression for the resource