Custom flow with selection UI

Cristiano Palazzi cristianopalazzi at
Mon Nov 22 20:55:58 UTC 2021

I realized that I badly explained it, I'll try with some pseudo code:

The servlet doGet method handles the external authentication:

String key = ExternalAuthentication.startExternalAuthentication(request);
request.setAttribute("challenge", challenge);
request.getRequestDispatcher("/jsp.jsp").forward(request, response);

//the jsp simply shows the challenge to the user

To complete the authentication, the user (using an authenticator) signs the
challenge and sends the signature to the servlet using a POST.

The servlet doPost method receive the data:

verify the signature
retrieve the flow key
ExternalAuthentication.finishExternalAuthentication(key, request, response);

At this point, the external authentication has been completed but the user
still sees the jsp.


Il giorno lun 22 nov 2021 alle ore 20:50 Cantor, Scott <cantor.2 at>
ha scritto:

> On 11/22/21, 2:38 PM, "users on behalf of Cristiano Palazzi" <
> users-bounces at on behalf of cristianopalazzi at>
> wrote:
> >    I test it with a client REST API and the response's header contains a
> redirect to the IDP as expected, but I am
> > not able to apply this redirect to the JSP.
> I don't know what you mean, but there's nothing to "apply" nor is there a
> JSP involved unless you built it. You either invoke the finish function
> during the end of the server-side interaction with the client or you don't.
> The client does the redirect back into the flow logic because the client is
> what receives the 302 response from the server.
> -- Scott
> --
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list