Class SamlFederationFilterHeaplet

All Implemented Interfaces:
Heaplet

public final class SamlFederationFilterHeaplet extends AbstractSamlFederationHeaplet
The SAML federation filter works like the other SSO-type filters. A request that passes through the SAML federation filter, and that neither triggers the logout expression nor matches one of the SAML endpoints, is checked for a valid session. If there is a valid session, the request passes to the next handler. If the session is not valid, the default SP-initiated SSO processing is triggered.
 {
    "type": "SamlFederationFilter",
    "config": {
       "redirectURI"               : string            [REQUIRED - the URI to use after IDP initiated SSO processing
                                                                   has been completed and either no {@code RelayState}
                                                                   has been specified or no {@code defaultRelayState}
                                                                   value has been set in the SP extended metadata.]
       "assertionMapping"          : map,              [REQUIRED - instance of Map<String, String>, used to map
                                                                   attributes provided in the {@code Assertion} to
                                                                   attribute names when set into the {@code Session}.
                                                                   No attributes are mapped by default.]
       "subjectMapping"            : string            [OPTIONAL - used to map the {@code Assertion} {@code Subject}
                                                                   into the {@code Session}. Defaults to
                                                                   'subjectMapping' if not specified.]
       "sessionIndexMapping"       : string            [OPTIONAL - used to map the {@code Assertion}
                                                                   {@code SessionIndex} value into the
                                                                   {@code Session}. Defaults to 'sessionIndexMapping'
                                                                   if not specified.]
       "authnContext"              : string            [OPTIONAL - used to map the {@code Assertion}
                                                                   authentication context values into the
                                                                   {@code Session}. Defaults to 'authnContext'
                                                                   if not specified.]
       "authnContextDelimiter"     : string            [OPTIONAL - used as the delimiter when there are multiple
                                                                   authentication context. Defaults to '|' if not
                                                                   specified.]
       "assertionConsumerEndpoint" : string            [OPTIONAL - used as part of the URI that designates the
                                                                   assertion consumer endpoint as defined in the SPs
                                                                   metadata shared with the IDP. Defaults to
                                                                   'fedletapplication' if not specified.]
       "SPinitiatedSSOEndpoint"    : string            [OPTIONAL - used as part of the URI that designates the
                                                                   SP initiated SSO endpoint. Defaults to
                                                                   'SPInitiatedSSO' if not specified.]
       "SPinitiatedSLOEndpoint"    : string            [OPTIONAL - used as part of the URI that designates the
                                                                   SP initiated SLO endpoint. Defaults to
                                                                   'SPInitiatedSLO' if not specified.]
       "singleLogoutEndpoint"      : string            [OPTIONAL - used as part of the URI that designates the
                                                                   SP SLO endpoint as defined in the SPs
                                                                   metadata shared with the IDP. Defaults to
                                                                   'fedletSloRedirect' if not specified.]
       "singleLogoutEndpointSoap"  : string            [OPTIONAL - used as part of the URI that designates the
                                                                   SP SLO SOAP endpoint as defined in the SPs
                                                                   metadata shared with the IDP. Defaults to
                                                                   'fedletSloSoap' if not specified.]
       "useOriginalUri"            : boolean           [OPTIONAL - when set to true, specifies that the originalUri
                                                                   is used in preference to the request URI when
                                                                   validating the various SAML URIs. Defaults to
                                                                   'true' if not specified.]
       "redirectionMarker"         : {                 [OPTIONAL - Configure the redirectionMarker, added by default
                                                                   without having to specify this configuration item.]
         "enabled"                : Boolean            [OPTIONAL - if true, the redirection marker will be used to
                                                                   protect against infinite authentication loops.
                                                                   Defaults to true.]
         "name"                   : String             [OPTIONAL - The name of the redirectionMarker query parameter
                                                                   to use when the redirectionMarker is enabled.
                                                                   Defaults to "_ig".]
       }
       "logoutExpression"          : booleanExpression [OPTIONAL - a boolean expression that if it evaluates to
                                                                   true, will trigger a SP initiated SLO.]
       "logoutURI"                 : string            [OPTIONAL - URI to redirect to after a successful logout,
                                                                   the original URI will be used when not specified.]
       "secretsProvider"           : SecretsProvider   [OPTIONAL - secrets provider used to obtain secrets.
                                                                   REQUIRED if 'SecretsSaml2CredentialResolver'
                                                                   is used.]
       "spEntityId"                : string            [OPTIONAL - the SP Entity ID that this SP represents, required
                                                                   when there is more than one SP defined in the
                                                                   SAML metadata to avoid the incorrect SP being
                                                                   selected by default.]
       "failureHandler"            : Handler           [OPTIONAL - A failure handler to be invoked when there is an
                                                                   error during SAML processing. Defaults to
                                                                   {@code SamlSupport.defaultFailureHandler()}.]
    }
  }
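The following route is an added example of the configuration described above; it is not taken from the product documentation. It assumes the IG route format (a Chain with a filters list and a handler), a heap object named SamlSecretsProvider, the default ReverseProxyHandler, and that assertionMapping keys are session attribute names whose values are the SAML attribute names in the Assertion; the entity ID and paths are made up.

```json
{
  "name": "saml-route",
  "condition": "${matches(request.uri.path, '^/home/saml')}",
  "handler": {
    "type": "Chain",
    "config": {
      "filters": [
        {
          "name": "SamlFederation",
          "type": "SamlFederationFilter",
          "config": {
            "redirectURI": "/home/saml/app",
            "assertionMapping": {
              "username": "mail",
              "employeeType": "employeeType"
            },
            "subjectMapping": "samlSubject",
            "sessionIndexMapping": "samlSessionIndex",
            "authnContext": "samlAuthnContext",
            "authnContextDelimiter": "|",
            "useOriginalUri": true,
            "redirectionMarker": {
              "enabled": true,
              "name": "_ig"
            },
            "logoutExpression": "${find(request.uri.query, 'logoff=true')}",
            "logoutURI": "/home/saml/logged-out",
            "spEntityId": "https://sp.example.com/saml",
            "secretsProvider": "SamlSecretsProvider"
          }
        }
      ],
      "handler": "ReverseProxyHandler"
    }
  }
}
```

With this route, a request to /home/saml/app without a valid session starts SP-initiated SSO, a request carrying logoff=true in the query string triggers SP-initiated SLO and then redirects to /home/saml/logged-out, and the redirection marker stays enabled so a misconfigured IDP cannot drive the filter into an endless authentication loop. spEntityId is set explicitly so that, if the SAML metadata describes several SPs, the filter does not silently select the wrong one.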