/
OPCustomRedirectUriValidation
OPCustomRedirectUriValidation
- Henri Mikkonen
Owned by Henri Mikkonen
Oct 21, 2024
Since version 4.2.0, the OAUTH2.PAR, OIDC.SSO and OAUTH2.Token profiles support injecting a custom validation logic for the redirect_uri -parameter in the request. The bean specified via customRedirectUriValidationStrategy must be of type BiPredicate<URI,ProfileRequestContext> where the first parameter contains the requested redirect_uri value.
An abstract bean shibboleth.oidc.MetadataPolicyRedirectUriValidator is useful for exploiting metadata policies in validation.
The following example accepts the requested value is either https://rp.example.org/cb1 or https://rp.example.org/cb2:
<bean id="CustomValidator1" parent="shibboleth.oidc.MetadataPolicyRedirectUriValidator">
<property name="metadataPolicy">
<bean class="net.shibboleth.oidc.metadata.policy.MetadataPolicy"
p:oneOfValues="#{{'https://rp.example.org/cb1','https://rp.exmaple.org/cb2'}}" />
</property>
</bean>The following example accepts any requested value starting with https://rp.example.org/:
<bean id="CustomValidator2" parent="shibboleth.oidc.MetadataPolicyRedirectUriValidator">
<property name="metadataPolicy">
<bean class="net.shibboleth.oidc.metadata.policy.MetadataPolicy"
p:regexp="^https:\/\/(?:([^.]+).)?rp.example.org\/(.*)"/>
</property>
</bean>
, multiple selections available,
Related content
OPMetadataClientRegistration
OPMetadataClientRegistration
Read with this
OPAuthorization
OPAuthorization
Read with this
OPProfileConfiguration-FlowTypes
OPProfileConfiguration-FlowTypes
Read with this
OAuthRPMetadataProfile
OAuthRPMetadataProfile
Read with this