Generating unsolicited SAML response from user interface - SSO
It's possible to generate an unsolicited SAML response from SSO UI using the view.unsolicited() javascript–interface in message property keys, which support HTML content (ie. _*LINKS such as MENU_HELP_LINKS).
The function view.unsolicited() takes two parameters. The first parameter is the application name as defined in the links file. The second parameter is a map of parameters available for SessionRelayService–interface in SSO server, whose response is to relay the unsolicited SAML responses to Service Providers. Possible parameters for SessionRelayService are:
- isPassive → Perform a passive authentication.
- forceAuthn → User is forced to authenticate.
- oneTimeUse → The authentication is one time use only.
Following example is the definition for application name 'create.account' in the links file:
#default.links: create.account.url = /customerid/create-account create.account.entityID = cn=CID Create Account,ou=CustomerID create.account.methods = password.1
The property .entityID defines the Web Agent ID of the service provider, where the unsolicided SAML response is sent.
The property .url defines the path, which will be passed in RelayState URL-parameter to the service provider.
The property .methods defines the set of method for which this application is available.
In the example below, the application 'create.account' is referenced in view.unsolicited()–function call in MENU_HELP_LINKS message property in the language file:
#uas.properties:
MENU_HELP_LINKS = <li><a href="javascript:view.unsolicited('create.account',{'isPassive':true})">Create
Account</a></li>