ConsentConfiguration , consent intercept not showing up in IDP v4.1

jehan Procaccia tem-tsp jehan.procaccia at
Wed Jun 9 16:37:16 UTC 2021

Hello, I followed doc

but my IDP still don't show the intercept of attribute consent, I get to 
a test SP (attribute-viewer)  without beeing ask to consent attributs 
(and I do see attributes on the SP !)

here's what I did :

1) enabled the module : |bin/ -e idp.intercept.Consent|

2) set consent properties in :

idp.consent.allowGlobal = true
idp.consent.allowPerAttribute = true

+ storage

idp.consent.StorageService = shibboleth.ClientPersistentStorageService

idp.consent.maxStoredRecords = 10

3) configured (example)  messages in /messages/

|my-terms = my-tou|
|my-tou.title = Example Terms of Use|
|my-tou.text = This is an example Terms of Use|

4) Using One Terms of Use Message for Every Relying Party 

|<bean id=||"shibboleth.consent.terms-of-use.Key"| 
|||<constructor-arg value=||"my-terms"||/>|
|<util:set id="shibboleth.consent.attribute-release.PromptedAttributeIDs">

|5) |Enabling Terms Of Use Intercept Flow /conf/relying-party.xml/.

/<!-- commented this default <bean parent="SAML2.SSO" />  and replaced 
with line below-->
                 <!-- consent JP -->
                 <bean parent="SAML2.SSO" p:postAuthenticationFlows="#{ 
{'terms-of-use', 'attribute-release'} }" />/
not sure of that one ...?

7) after all these configurations, I stoped tomcat, rebuild idp.war 
(shibboleth-idp]# ./bin/  => Installation Directory: 
[/opt/shibboleth-idp] ) , restart tomcat

but still , no attribute release Intercept consent appears  .

did I missed something ?

thanks .


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list