Page Comparison

V4.0+

With the V4 release of the plugin, the same filter used internally in the IdP is used to handle response header customization, so the original custom filter defined in the plugin has been removed. In the unlikely event that the original plugin hook was used to install a custom filter, use of web.xml to do this is suggested instead.

The original system properties created to control the installation of, and mappings for, the OP filter are no longer supported in this release and are ignored. By default, the plugin automatically extends the IdP’s known set of URL prefixes to apply its response headers to by adding the /profile/oidc/ and /profile/oauth2/ prefixes to the built-in set.

In the event that customizing the conditions under which the response header filter runs is required, the condition used to evaluate that can be overridden via a property named idp.responseHeaderCondition that references a bean of type Predicate<ServletRequest>. This predicate could optionally be injected with the built-in condition via the bean named shibboleth.UserFacingPrefixPredicate in order to delegate decisions to it.

Earlier Versions

Starting with V3.1, the OP plugin automatically registers a configurable Filter attached to its endpoints.

Activation

The filter registration is enabled by default, but the feature can be deactivated via a Java system property:

-Dnet.shibboleth.idp.plugin.oidc.op.servlet.RegisterFilterServletContextInitializer=disabled

Filter Mappings

By default, the filter is mapped to all /profile/oidc/* and /profile/oauth2/* endpoints, but the list can be customized via a space-separated list in the net.shibboleth.idp.plugin.oidc.op.servlet.RegisterFilterServletContextInitializer.mappings Java system property.

...

"-Dnet.shibboleth.idp.plugin.oidc.op.servlet.RegisterFilterServletContextInitializer.mappings=/profile/oauth2/* /profile/oidc/* /profile/custom/*"

Filter Configuration

The filter is configured by defining a bean named via the idp.oidc.ResponseHeaderFilter property.

...