Adding a post authentication flow to an SP using metadata-driven configuration
Wessel, Keith
kwessel at illinois.edu
Mon Oct 11 22:29:05 UTC 2021
All,
I'm trying to get the context-check and warning flows to fire for a small set of SPs using a metadata-driven config. If I do the same thing with an override in my relying party config, it works, but I'm trying to avoid that.
I followed the example on the wiki and added this to my metadata provider:
    <MetadataFilter xsi:type="EntityAttributes">
        <saml:Attribute Name="http://shibboleth.net/ns/profiles/postAuthenticationFlows"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml:AttributeValue>warning</saml:AttributeValue>
            <saml:AttributeValue>context-check</saml:AttributeValue>
        </saml:Attribute>
        <Entity>entity-id-here</Entity>
    </MetadataFilter>
But it's not firing. Logs show it's applying the entity attribute, but the warning flow and context-check flow don't run.
What am I overlooking?
Thanks,
Keith