Using custom parameters from the SAML authentication request¶
Usage scenario¶
The SAML Service provider wishes to pass along additional data with the Authentication Request which could be utilized during the lifetime of the SAML Flow.
For example, you might want to pass along the type of client making the request. You can use this information in the templates to render a different UI.
Prerequisites¶
To successfully complete this topic guide you need to ensure following prerequisites:
- Onegini IDP instance must to be running
- A SAML service provider is configured
- The SAML service provider is running and able to send custom parameters in the authentication request.
Thymeleaf Dialect¶
The Extension Custom Parameters dialect uses the prefix ecp (Extension Custom Parameters). It can be used to get the values that were passed in the SAML
Authentication Request. It is stored as a key value map with a String
as the key, a List of Strings as the values.
Available methods¶
ecp.getValue("key")- returns a single value or the first one in the list.ecp.getValues("key")- returns a list of values.
Template example¶
<div th:if="${#ecp.getValue('appView') eq 'mobile'}">
<div id="mobileOnly"> This will only show for mobile devices!</div>
</div>
Session API usage¶
The map of custom extension parameters is also available via the Session API. It is returned as the
extension_custom_parameters object within the session_data object of the response.
Post Login Hook usage¶
The map of custom extension parameters is available in the Post Login Hook.