{"type":"doc","content":[{"type":"paragraph","content":[{"text":"Current File(s):","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"conf/relying-party.xml","type":"text","marks":[{"type":"em"}]},{"type":"hardBreak"},{"text":"Format:","type":"text","marks":[{"type":"strong"}]},{"text":" Native Spring","type":"text"}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{},"macroMetadata":{"macroId":{"value":"5bbc9cce-8a5a-48f9-8995-1627ac3ccb31"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"75be0f58-9a37-4fa4-b568-c3740ca9602f"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"An interceptor is a Spring Web Flow that can be run as a subflow (a sort of callable subroutine) at specific points during the processing of a request to the IdP to do work. It allows behavior to be customized without replacing core code.","type":"text"}]},{"type":"paragraph","content":[{"text":"There are currently three different \"interception\" points in the profile flows:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Inbound message processing","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Post-authentication during SSO profiles","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Outbound message processing","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"The inbound and outbound hooks are not commonly used by deployers. In contrast, the post-authentication hook is a very fruitful injection point for supporting many useful features. Several predefined examples come with the software, and can be used as examples to develop your own, though this is a development task, not just a matter of configuration.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"General Configuration","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Built-In Interceptors","type":"text"}]},{"type":"paragraph","content":[{"text":"The following interceptor flows are provided with the software:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Attribute Release Consent","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP5/pages/3199509862"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Terms of Use Consent","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP5/pages/3199509862"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Context Checking","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP5/pages/3199509927"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Warning","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP5/pages/3199510081"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Expiring Password","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP5/pages/3199509968"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Impersonate","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP5/pages/3199510036"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"External","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP5/pages/3199510005"}}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Enabling Interceptors","type":"text"}]},{"type":"paragraph","content":[{"text":"The three interception points mentioned above correspond to three properties that can be specified on the profile configuration beans in the ","type":"text"},{"text":"RelyingPartyConfiguration","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP5/pages/3199508044"}}]},{"text":". Each property is a list of intercept flow IDs (excluding the \"intercept/\" prefix) to run.","type":"text"}]},{"type":"paragraph","content":[{"text":"All profile configurations include a pair of properties, ","type":"text"},{"text":"inboundInterceptorFlows","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"outboundInterceptorFlows","type":"text","marks":[{"type":"code"}]},{"text":", for specifying inbound and outbound interceptors.","type":"text"}]},{"type":"paragraph","content":[{"text":"Authentication profile configurations (e.g. CAS, SAML Browser SSO and ECP) include a ","type":"text"},{"text":"postAuthenticationFlows","type":"text","marks":[{"type":"code"}]},{"text":" property for specifying the ordered list of interceptors to run after most of the work of the system is done but before any outbound message/response has been generated. They run after the user has logged in and after any user attributes have been resolved and filtered; essentially all that's left is the production of a response, so this is an opportunity to affect the result that will be produced (or prevent one altogether).","type":"text"}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"Example enabling intercepts for the SAML SSO profiles","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":" \n \n \n \n \n \n \n \n \n \n \n \n \n \n ","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Developing Interceptor Flows","type":"text"}]},{"type":"paragraph","content":[{"text":"Refer to the ","type":"text"},{"text":"ProfileHandling","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP5/pages/3199511979"}}]},{"text":" developer material for more technical details on developing interceptor flows.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Reference","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Beans","type":"text"}]},{"type":"table","attrs":{"layout":"full-width","localId":"2bce4384-a867-42e6-a643-456bbc2a7132"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"Bean ID","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[356.0]},"content":[{"type":"paragraph","content":[{"text":"Type","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[612.0]},"content":[{"type":"paragraph","content":[{"text":"Function","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.AvailableInterceptFlows","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[356.0]},"content":[{"type":"paragraph","content":[{"text":"List","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.List"}}]},{"text":"<","type":"text"},{"text":"ProfileInterceptorFlowDescriptor","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-idp.cgi/net.shibboleth.idp.profile.interceptor.ProfileInterceptorFlowDescriptor"}}]},{"text":">","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[612.0]},"content":[{"type":"paragraph","content":[{"text":"List of flow descriptors enumerating the interceptor flows available to the system (supplanted now by autowiring of ","type":"text"},{"text":"ProfileInterceptorFlowDescriptor","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-idp.cgi/net.shibboleth.idp.profile.interceptor.ProfileInterceptorFlowDescriptor"}}]},{"text":" beans, but you might need to create this bean if you wish to extend/alter the behavior of the system-defined flows)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.InterceptFlow","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[356.0]},"content":[{"type":"paragraph","content":[{"text":"ProfileInterceptorFlowDescriptor","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-idp.cgi/net.shibboleth.idp.profile.interceptor.ProfileInterceptorFlowDescriptor"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[612.0]},"content":[{"type":"paragraph","content":[{"text":"Abstract parent bean for defining new flow descriptor beans","type":"text"}]}]}]}]},{"type":"paragraph"}],"version":1}

Browser not supported