Custom flow with selection UI

[Cristiano Palazzi]

I realized that I badly explained it, I'll try with some pseudo code:

The servlet doGet method handles the external authentication:

String key = ExternalAuthentication.startExternalAuthentication(request);
store(key);
request.setAttribute("challenge", challenge);
request.getRequestDispatcher("/jsp.jsp").forward(request, response);

//the jsp simply shows the challenge to the user

To complete the authentication, the user (using an authenticator) signs the
challenge and sends the signature to the servlet using a POST.

The servlet doPost method receive the data:

verify the signature
retrieve the flow key
ExternalAuthentication.finishExternalAuthentication(key, request, response);

At this point, the external authentication has been completed but the user
still sees the jsp.

Thanks,
Cristiano

Il giorno lun 22 nov 2021 alle ore 20:50 Cantor, Scott <cantor.2 at osu.edu>
ha scritto:

> On 11/22/21, 2:38 PM, "users on behalf of Cristiano Palazzi" <
> users-bounces at shibboleth.net on behalf of cristianopalazzi at gmail.com>
> wrote:
>
> >    I test it with a client REST API and the response's header contains a
> redirect to the IDP as expected, but I am
> > not able to apply this redirect to the JSP.
>
> I don't know what you mean, but there's nothing to "apply" nor is there a
> JSP involved unless you built it. You either invoke the finish function
> during the end of the server-side interaction with the client or you don't.
> The client does the redirect back into the flow logic because the client is
> what receives the 302 response from the server.
>
> -- Scott
>
>
> --
> For Consortium Member technical support, see
> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20211122/44220e46/attachment.htm>