I'd like to configure an intercept on my IDP so that a user matching some specific criteria would be automatically redirected towards a static HTML page.
I succeeded in achieving that behaviour by configuring an intercept of type "Post-authentication" like this:
/conf/relying-party.xml
<bean id="CAS.LoginConfiguration_custom" class="net.shibboleth.idp.cas.config.impl.LoginConfiguration"
      p:servletRequest-ref="shibboleth.HttpServletRequest"
      p:ticketValidityPeriod="60000"
      p:postAuthenticationFlows="regulation" />
/conf/intercept/regulation-intercept-config.xml
<bean id="shibboleth.regulation.Condition" parent="shibboleth.Conditions.AND">
    <constructor-arg>
        <list>
            <bean class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate" p:useUnfilteredAttributes="true">
                <property name="attributeValueMap">
                    <map>
                        <entry key="id">
                            <list>
                                <value>john.doe</value>
                            </list>
                        </entry>
                    </map>
                </property>
            </bean>
        </list>
    </constructor-arg>
</bean>
But my intention is to base the interception on the inbound message processing (p:inboundInterceptorFlows) so that no SSO session is created, since it is useless. The user would be immediately (after authentication) redirected to the static HTML page.
I tried the following configuration in /conf/relying-party.xml:
<bean id="CAS.LoginConfiguration_custom" class="net.shibboleth.idp.cas.config.impl.LoginConfiguration"
      p:servletRequest-ref="shibboleth.HttpServletRequest"
      p:ticketValidityPeriod="60000"
      p:inboundInterceptorFlows="regulation" />
But I don't see how to configure the condition bean (from the file regulation-intercept-config.xml) in order to extract the principal name of the just-authenticated user.
**Note:**
- The authn/RemoteUser login flow is configured.
- The IDP receives the remote user from the Shibboleth AuthnRemoteUser servlet.
Is this possible?
Thanks for helping me, BR