ConsentConfiguration , consent intercept not showing up in IDP v4.1

Jehan PROCACCIA jehan.procaccia at tem-tsp.eu
Wed Jun 16 10:37:53 UTC 2021 

Hello

just to let the list know, my consent interception is working fine now.
I forgot that the SP I was trying on,  had a shibboleth.RelyingPartyOverrides in relying-party.xml
hence the DefaultRelyingParty
<bean parent="SAML2.SSO" p:postAuthenticationFlows="#{ {'terms-of-use', 'attribute-release'} }" />
was not applyied to my test SP ! (which has no encryption and IP check so that I can debug SAML assertion easily )  
I added the property postAuthenticationFlows to the Overrides of that SP :
<bean parent="SAML2.SSO" p:encryptAssertions="false" p:checkAddress="false" p:postAuthenticationFlows="#{ {'terms-of-use', 'attribute-release'} }" />
now it's OK . 

Sorry for the noise .

jehan .

----- Mail original -----
De: "Jehan PROCACCIA" <jehan.procaccia at tem-tsp.eu>
À: "users" <users at shibboleth.net>
Envoyé: Jeudi 10 Juin 2021 00:01:16
Objet: Re: ConsentConfiguration , consent intercept not showing up in IDP v4.1

nop, no "consent" string in idp-process.log in DEBUG mode
it is as if the flow is not active

I did set as specified in https://wiki.shibboleth.net/confluence/display/IDP4/ConsentConfiguration 
"Using One Terms of Use Message for Every Relying Party" in  conf/intercept/consent-intercept-config.xml
<bean id="shibboleth.consent.terms-of-use.Key" parent="shibboleth.Functions.Constant">
  <constructor-arg value="my-terms"/>
</bean>

so it should be enabled for every RP . 

EI also nabled Terms Of Use Intercept Flow conf/relying-party.xml.

<!-- commented this default <bean parent="SAML2.SSO" />  and replaced with line below-->
<bean parent="SAML2.SSO" p:postAuthenticationFlows="#{ {'terms-of-use', 'attribute-release'} }" />
not sure of that one ...? 
does it works for you ? 

jehan .

----- Mail original -----
De: "Tom Zeller" <tzeller at dragonacea.biz>
À: "users" <users at shibboleth.net>
Envoyé: Mercredi 9 Juin 2021 22:48:49
Objet: Re: ConsentConfiguration , consent intercept not showing up in IDP v4.1

> Regarding Logs I am already in debug , how can I search for consent "flow" ?

Look for "consent" in the logs, something like : DEBUG
[net.shibboleth.idp.consent...]

If not there, maybe it is not active for the RP, just guessing.

Tom
-- 
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-- 
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list