The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.
ExternalInterceptConfiguration
Current File(s): conf/intercept/external-intercept-config.xml (V4.0), conf/idp.properties (V4.1+)
Format: Native Spring, Properties (V4.1+)
Overview
The "external" interceptor flow is analagous to the External login flow, but for interceptors. It allows an interceptor to be implemented outside of the IdP's Spring WebFlow architecture and routes through a bridge generally implemented in a Java servlet or JSP page, but can be combined with additional redirects out of and then back into the IdP for additional development flexibility.
Once control is transferred to the external path, the IdP has no control over what happens. While the sensitivity of this feature is much less than with the authentication use case, it's still the deployer's responsibility to ensure the external code does what it's meant to do.
General Configuration
API
The ExternalInterceptor class makes up the interface between the external code and the IdP. The general flow is:
Call ExternalInterceptor.startExternalInterceptor(HttpServletRequest), saving off the result as a key.
Do work as necessary. Any redirects must preserve the key value returned in step 1 because it must be used to complete the flow later.
Set request attributes to communicate the result of the interceptor back (likely just an event, if not successful).
Call ExternalInterceptor.finishExternalInterceptor(String, HttpServletRequest, HttpServletResponse). The first parameter is the key returned in step 1.
A JSP implementation is below. It works as is, but is obviously not doing anything interesting.
External interceptor example in JSP
<%@ page pageEncoding="UTF-8" %>
<%@ page import="net.shibboleth.idp.profile.interceptor.ExternalInterceptor" %>
<%@ page import="net.shibboleth.idp.profile.interceptor.ExternalInterceptorException" %>
<%
try {
final String key = ExternalInterceptor.startExternalInterceptor(request);
// If not successful...
request.setAttribute(ExternalInterceptor.EVENT_KEY, "CustomEvent");
ExternalInterceptor.finishExternalInterceptor(key, request, response);
} catch (final ExternalInterceptorException e) {
throw new ServletException("Error processing external interceptor", e);
}
%>
Inputs
On first access to the external resource, the request attributes below will be set.
Name | Type | Function |
---|---|---|
opensamlProfileRequestContext | Access to full request context tree |
Outputs
Name | Type | Function |
---|---|---|
event         | String | ID of event to signal as result of the flow (defaults to "proceed" for a successful/continue outcome) |
Reference
Â