SP not available message

[Michael A Grady]

> On Apr 8, 2020, at 8:14 AM, Mak, Steve <makst at upenn.edu> wrote:
> 
> ContextCheck intercept is what you want:
> 
> https://wiki.shibboleth.net/confluence/display/IDP30/ContextCheckInterceptConfiguration <https://wiki.shibboleth.net/confluence/display/IDP30/ContextCheckInterceptConfiguration>
> 
> Set the intercept to end with a custom event(intercept flow file+intercept events file), and then set that custom event to local error (errors.xml), then set that local error custom message title and message (message properties).
> 
> Then set that down SP to use the contextCheck intercept you just created in relying party overrides and you should be good to go.
> 
> On 4/8/20, 09:05, "users on behalf of Lohr, Donald" <users-bounces at shibboleth.net <mailto:users-bounces at shibboleth.net> on behalf of lohrda at jmu.edu <mailto:lohrda at jmu.edu>> wrote:
> 
> We are not after a method on the IdP that can detect if a SP is not 
> available to alert the users.
> 
> We are after a method on the IdP that if we are working with the vendor 
> on a know outage issue that we can have a message for the users going to 
> that SP on our login that said SP is not available and that IT is 
> working with the vendor to resolve.


Simply by adding a new message property that is normally "empty" but you change to whatever message you want to put on the login page would work to add a message to the Login page. But as was pointed out, you won't see that if the user already has an SSO session, in which case the context intercept approach would work no matter what (but you would have had to logged in first).  But the message property approach works without needing to reload/restart anything.

--
Michael A. Grady
IAM Architect, Unicon, Inc.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200408/38918a79/attachment.html>