[Shib-Users] Shibboleth2 "IdP.jsp" equivalent ?

[gk14...@yahoo.fr]

Hi,

I migrated a Shibboleth 1.3 environment into Shibboleth 2.1

What is the equivalent to the previous "IdP.jsp" page?
I had a custom code in it to do a treatment each time the IdP was reached (while changing from a SP to another).

What is the best way to get the same behaviour with Shibboleth 2? Could you please provide me an example/explanation?

Thanks for your help

[Nuno Gonçalves]

I belive that it is login.jsp usually located at shibboleth-identityprovider-2.1.2/src/main/webapp
and also usually deployed at $TOMCAT_HOME/webapp/idp

hope it helps
Nuno

_______________________________________

Nuno Gonçalves

 

FCCN

Av. do Brasil, n.º 101 - Lisboa

Tel.: +351218440100 - Fax: +351218472167

 

http://www.fccn.pt

[Brent Putman]

Nuno Gonçalves wrote:

I belive that it is login.jsp usually located at shibboleth-identityprovider-2.1.2/src/main/webapp
and also usually deployed at $TOMCAT_HOME/webapp/idp

No, that's not the same as the 1.3 IdP.jsp.  Login.jsp is the HTML form used by default for the UsernamePassword LoginHandler.  You would customize that if you wanted a custom login page.  The 1.3 IdP.jsp was used to render the Browser/POST response back to the client.  Totally unrelated.

gk14...@yahoo.fr wrote:

What is the equivalent to the previous "IdP.jsp" page?
    

The 2.x IdP uses Velocity templates to render the form-based binding responses back to the client browser, rather than a JSP file.  Unfortunately, we don't currently have any supported or documented way that those may be customized.  

FYI, by default those live inside a jar file in the IdP's war file:


# jar tvf opensaml-2.2.3.jar | grep templates
     0 Sun Dec 21 11:43:16 EST 2008 templates/
  1141 Sun Dec 21 11:43:16 EST 2008 templates/saml1-post-binding.vm
  1233 Sun Dec 21 11:43:16 EST 2008 templates/saml2-post-artifact-binding.vm
  1318 Sun Dec 21 11:43:16 EST 2008 templates/saml2-post-binding.vm
  1825 Sun Dec 21 11:43:16 EST 2008 templates/saml2-post-simplesign-binding.vm



If you choose to do surgery on those, you're on your own.


Since you're not the first person to ask, I will open a Jira issue for an RFE to document how to do this without cracking open that jar.  It's actually possible right now if you are knowledgeable about Spring and Velocity and our IdP config layout, but would be totally unsupported by us at this point.

I had a custom code in it to do a treatment each time the IdP was reached (while changing from a SP to another).

What is the best way to get the same behaviour with Shibboleth 2? Could you please provide me an example/explanation?
    

If you want to customize the look and feel of the page(s) for the benefit of the end-user, then those templates are the relevant thing to customize.  If instead what you want to do is execute custom code on every request, then they probably aren't, as they are not JSP.  You'd need to describe in more detail what it is you want to accomplish.  As someone mentioned in a recent thread, one portable way to do something like that in general in the IdP is via a servlet filter.

--Brent