SAMLErrorFilter
The SAMLErrorFilter provides a proper error handling for the SAML IDP use case (nevisProxy and nevisAuth are the identity providers). The SAMLErrorFilter will catch incoming requests and store the useful information in the session. When an error occurs (HTTP error from a backend, nevisAuth unavailable, ...) a SAMLResponse will be generated and sent. Only the HTTP Browser POST binding is supported. The SAMLResponse sent will be included in a XHTML self-submitting form. A SAMLResponse will only be generated, if a SAMLRequest for the same user session has been intercepted previously. SAMLRequests are identified by POST forms containing a parameter called SAMLRequest.
Classname
ch::nevis::isiweb4::filter::saml::SAMLErrorFilter
Library
libSAMLFilters.so.1
Configuration**
Name | Type, Usage Constraints, Defaults | Description |
---|---|---|
StatusCode | string; required | Comma separated list of HTTP status code for which a SAMLResponse will be generated. |
DefaultRecipient | string; required | The default target of the self-submitting form containing the SAMLRequest. This parameteris only used, if the recipient could not be defined by the 'Issuer' tag of the incoming SAMLRequest. |
ResponseIssuer | string; required | URI specified within the tag 'Issuer' of the generated SAMLResponse. |
RecipientMapping | string; false | Additional URI mapping which can be specified for the target of the self-submitting form. This is only used when the target could be identified by the incoming SAMLRequest (see 'DefaultRecipient'). Example: incoming SAMLRequest has issuer https://xyz/a and RecipientMapping=/b, the self-submitting form will be posted to https://xyz/a/b . |