Generating unsolicited SAML response fromĀ user interface - SSO
It's possible to generate an unsolicited SAML response from SSO UI using the view.unsolicited() javascriptāinterface in message property keys, which support HTML content (ie. _*LINKS such as MENU_HELP_LINKS).
The function view.unsolicited() takes two parameters. The first parameter is the application name as defined in the links file. The second parameter is a map of parameters available for SessionRelayServiceāinterface in SSO server, whose response is to relay the unsolicited SAML responses to Service Providers. Possible parameters for SessionRelayService are:
- isPassive āĀ Perform a passive authentication.
- forceAuthn āĀ User is forced to authenticate.
- oneTimeUse āĀ The authentication is one time use only.
Following example is the definition for application name 'create.account' in the links file:
#default.links: create.account.url = /customerid/create-account create.account.entityID = cn=CID Create Account,ou=CustomerID create.account.methods = password.1
The property .entityID defines the Web Agent ID of the service provider, where the unsolicided SAML response is sent.
The property .url defines the path, which will be passed in RelayState URL-parameter to the service provider.
The property .methods defines the set of method for which this application is available.
In the example below, the application 'create.account' is referenced in view.unsolicited()āfunction call in MENU_HELP_LINKS message property in the language file:
#uas.properties: MENU_HELP_LINKS = <li><a href="javascript:view.unsolicited('create.account',{'isPassive':true})">Create Account</a></li>
This web page (including any attachments) may contain confidential, proprietary, or privileged information ā not for disclosure without authorization from Ubisecure Inc. Copyright Ā© 2024. All Rights Reserved.