Joseph.Fischetti at marist.edu
Fri Oct 13 09:17:34 EDT 2017
> is there an accepted way to add customized messaging per service (without a whole lot of development)?
I think the key to the question is "without a whole lot of development"?
Flow intercepts aren't a huge deal to implement; from what I've experienced it's just a matter of getting all the right files in the right places... then the message itself gets defined in messages/messages.properties. It's a lot of copying/modifying one-liners and it sounds like more work than it is. Our relatively simple IDP currently has 3 custom flow intercepts defined.
The page in the wiki does a pretty good job outlining what needs to be done.
1) Copy the default flow intercept from system/flows/intercept/context-check (flow and bean) to flows/intercept/FLOWNAME/FLOWNAME- (flow and bean)
2) Modify the files so they point to the right locations/names (it's basically just a matter of changing the flow name iirc).
3) Create a new file in conf/intercept/ called FLOWNAME-intercept.xml
4) In this file, define a new bean that will act to filter your users past it. (I can provide an example of one of my working ones if you want).
5) In idphome/conf/intercept/profile-intercept.xml, add a new bean id of type shibboleth.InterceptFlow (following the existing formats)
6) In idphome/conf/errors.xml, add the flow intercept to the local event list if it's to be handled locally.
7) In idphome/messages/messages.properties, define the title and messages that show up on failure. *You'll need definitions like: FLOWNAME = flow-name, flow-name.message, and flow-name.title. I had originally tried using FLOWNAME.message and FLOWNAME.title, but received errors*
8) Finally, modify relying-party.xml so that it calls that intercept when a login is attempted. Simply add p:postAuthenticationFlows="FLOWNAME" to the SAML2.SSO bean. This way, your flows may/may not be active for only certain relying parties.
 - https://wiki.shibboleth.net/confluence/display/IDP30/ContextCheckInterceptConfiguration
Linux System Administrator
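
The key layout from step 7, checked mechanically, as an added example that is not part of the original message or of the Shibboleth project: it confirms that an event name maps to a flow-name prefix and that the .title and .message keys hang off that prefix rather than off the event name. The names StaffOnlyCheck and staff-only-check and both sample files are constructed, and the parser is an assumption that handles only plain "key = value" lines.

```python
# Constructed sample data: the event name and key prefix are hypothetical.
GOOD = """\
StaffOnlyCheck = staff-only-check
staff-only-check.title = Access restricted
staff-only-check.message = This service is limited to staff accounts.
"""
BAD = """\
StaffOnlyCheck.title = Access restricted
StaffOnlyCheck.message = This service is limited to staff accounts.
"""

def parse_properties(text):
    """Parse plain 'key = value' lines; skips blanks and #/! comments.
    Simplified: no ':' separators, escapes or line continuations."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_intercept_messages(props, event_id):
    """Return a list of problems with one event's message keys."""
    problems = []
    prefix = props.get(event_id)
    if not prefix:
        problems.append(f"no mapping line: {event_id} = <flow-name>")
    for suffix in ("title", "message"):
        # The layout the message reports as producing errors.
        if f"{event_id}.{suffix}" in props:
            problems.append(f"{event_id}.{suffix} hangs off the event name, "
                            "not the mapped flow-name")
        # The layout the message reports as working.
        if prefix and f"{prefix}.{suffix}" not in props:
            problems.append(f"missing {prefix}.{suffix}")
    return problems

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        issues = check_intercept_messages(parse_properties(text), "StaffOnlyCheck")
        print(label, "ok" if not issues else issues)
```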