Customizing Login & Workflow

[Cantor, Scott]

> 3)I will the figure a way to deploy this to the IdP servers (independent of the
> './install.sh' or './build.sh')

Have a staging system, git pull the config into it to test it, and then when it's ready just rsync it over to production.

You can make it ten times as complicated I guess, but I don't really see the value personally, but I guess it depends on how many people you have involved in support.

> For the login work flow change - to check if password update/ToU
> agreement required -- we unfortunately have a very custom database driven
> mechanism -- and require to produce pages which redirect to a separate
> application (users has up to 5 chances) -- can you recommend a working code
> to emulate?

No, that's a custom use case. You can look at the interceptor examples provided as a very basic outline, and refer to the documentation I wrote [1] (interceptors are discussed near the bottom), but you're going to need to learn some Java, Spring, and Spring Web Flow, basically.

Once you learn them you can do very complicated things in a very small amount of code, but the learning curve is steep and the SWF usage patterns we have aren't really documented well.

I doubt Spring's database support will have much useful that would save you any time, but I haven't ever used it. I'm no fan of Hibernate either (that's an understatement), but that's a less popular opinion.

-- Scott

[1] https://wiki.shibboleth.net/confluence/display/IDP30/ProfileHandling