Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

There may be situations in which you need to create a custom admin flow. Uses cases for this my vary, but for my organization’s purpose, we wanted to be able to see all the current lockouts and fetch additional details about each. The current admin flow for this doesn’t provide a listing of all the lockouts, only basic details about a specific one (and the ability to increment the lock counter or clear the lock). So we copied a lot of the code to develop our own custom version.


This bean could also be defined in conf/global.xml. The “id” MUST match the ID you gave to your “shibboleth.AdminProfileId” bean definition in step 1.

If you want, you can define the values for these bean properties in conf\admin\ and reference them via Velocity macro syntax:

  1. In order to register your flow as being a REST-ful resource, you need to define a "shibboleth.RESTFlows" bean as well. This is not 100% necessary if you want to fetch parameters from the normal HttpServletRequest query params (GET/POST), but if your flow wants to pull variables from the path (like a REST-resource would), it is required.
    Create a postconfig.xml file that will get packaged in your extension jar into META-INF/net/shibboleth/idp/mvc with the following content. The “mycustomflow” text in the <value> element below needs to match your admin flow name.

    Code Block
    <bean id="shibboleth.RESTFlows" parent="shibboleth.DefaultRESTFlows"
      <property name="sourceList">
    	<list merge="true">

    This could also be defined in conf/mvc-beans.xml if you have that file from a previous version of the IdP.