Versions Compared

Old Version 8

changes.mady.by.user Colm O hEigeartaigh

Saved on

compared with

New Version Current

changes.mady.by.user Colm O hEigeartaigh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Callback Handler

The Sign-In request (Redirect URL) to the IDP contains several query parameters to customize the sign in process. Some parameters are configured statically in the Fediz configuration file, some others can be resolved at runtime when the initial request is received by the Fediz plugin.

Configuration values common to both WS-Federation and SAML SSO

The following table gives an overview of the parameters which can be resolved at runtime for either the WS-Federation or SAML SSO protocols.

XML element

Callback class

issuer

IDPCallback

logoutRedirectToConstraintReplyConstraintCallback


WS-Federation

The following table gives an overview of the parameters which can be resolved at runtime for the WS-Federation protocol. It contains the XML element name of the Fediz configuration file, the query parameter name of the sign-in request to the IDP as well as the Callback class.

XML element

Query parameter

Callback class

Supported version

authenticationType

wauth

WAuthCallback1.0.0

homeRealm

whr

HomeRealmCallback

1.0.0

issuer

N.A.

IDPCallback

1.0.0

freshness

wfresh

FreshnessCallback1.0.2

realm

wtrealm

RealmCallback

1.1.0

N.A.signInQuery

any

SignInQueryCallback1.1.0

signOutQueryanySignOutQueryCallback
requestwreqWReqCallback
replywreplyReplyCallback1.1.1

If you configure a class which implements the interface javax.security.auth.callback.CallbackHandler you get the corresponding Callback object where you must set the value which is then added to the query parameter. The Callback object provides the HttpServletRequest object which might give you the required information to resolve the value.

...

Code Block
public class MyCallbackHandler implements CallbackHandler {
    
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof HomeRealmCallback) {
                HomeRealmCallback callback = (HomeRealmCallback) callbacks[i];
                HttpServletRequest request = callback.getRequest();
                String homeRealm = ...
                callback.setHomeRealm(homeRealm);
            } else {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
            }
        }
    }
}

Custom Token Validator

...

It is possible to plug in a custom Token Validator for either protocol as well using the "tokenValidators" configuration parameter. This takes a list of Strings, each of which correspond to the class name of a TokenValidator instance. For example:

Code Block
...
        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.2">
            ...
            <tokenValidators>
                <validator>org.apache.cxf.fediz.core.federation.CustomValidator</validator>
            </tokenValidators>
            ...
        </protocol>
...