adn-agov-iam-project/patterns/bb9e7806a04578e0ad468829_au.../agov_idp_sec.xml


<AuthState name="${state.entry}" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
<!--
  SAML identity-provider state, written as a pattern template. The state name,
  every transition target and most property values are placeholders; judging
  by the file path they are filled in when the pattern is generated. Each
  ResultCond below maps one result name of this state to the state that runs
  next. The one-line label comments that follow appear to name the concrete
  state each exit is wired to in the generated configuration (TODO confirm).
-->
<!-- Auth_Realm_Main_IDP_Concurrent_Logout -->
<ResultCond name="IDP-initiated-ConcurrentLogout" next="${state.exit.1}"/>
<ResultCond name="SP-initiated-ConcurrentLogout" next="${state.exit.1}"/>
<!-- Auth_Realm_Main_IDP_Prepare_Done -->
<!-- Single logout and the plain "ok" result share the state.done target. -->
<ResultCond name="IDP-initiated-SingleLogout" next="${state.done}"/>
<ResultCond name="SP-initiated-SingleLogout" next="${state.done}"/>
<ResultCond name="ok" next="${state.done}"/>
<!-- Auth_Realm_Main_IDP_Logout_Done -->
<ResultCond name="LogoutCompleted" next="${state.exit.2}"/>
<!-- Auth_Realm_Main_IDP_Logout_Fail -->
<ResultCond name="LogoutFailed" next="${state.exit.3}"/>
<!-- Auth_Realm_Main_IDP_RequestedRoleLevel -->
<!-- Both SSO flavours (IdP-initiated and SP-initiated) leave through exit 4 when authentication is required. -->
<ResultCond name="authenticate:IDP-initiated-SSO" next="${state.exit.4}"/>
<ResultCond name="authenticate:SP-initiated-SSO" next="${state.exit.4}"/>
<!--
  NOTE(review): invalidAssertionConsumerUrl routes back to state.entry, which
  is this same state. Confirm that a request carrying an unregistered
  assertion consumer URL ends in the error response below and can never lead
  to a SAML response being posted to that URL.
-->
<ResultCond name="invalidAssertionConsumerUrl" next="${state.entry}"/>
<!-- Auth_Realm_Main_IDP_Selector -->
<!--
  NOTE(review): both step-up results go to state.failed, while the label
  above names a selector state. Presumably the generator wires state.failed
  to that selector; confirm that a step-up request cannot be satisfied by the
  existing session without re-evaluating the required authentication level.
-->
<ResultCond name="stepup:IDP-initiated-SSO" next="${state.failed}"/>
<ResultCond name="stepup:SP-initiated-SSO" next="${state.failed}"/>
<!--
  Response for AUTH_ERROR: a GUI with a single error-typed element. Only
  label keys are referenced here, so what the user sees depends on the text
  bound to error.saml.failed; keep that text generic so it does not disclose
  why the SAML message was rejected.
-->
<Response value="AUTH_ERROR">
<Gui name="saml_idp" label="title.saml.failed">
<GuiElem name="lasterror" type="error" label="error.saml.failed"/>
</Gui>
</Response>
<!-- same as Custom_AGOV_IDP -->
<!--
  Pulls in a property set defined outside this file. Settings that are not
  visible here (presumably signing, issuer and the list of accepted service
  providers) come from that set, so review it together with this state.
-->
<propertyRef name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP" />
<!--
  Outbound message settings. Each value reads a pattern parameter; the text
  after the colon appears to be the fallback used when the parameter is unset
  (TODO confirm against the generator).
-->
<property name="out.binding" value="${param.out.binding:http-post}" />
<!--
  RelayState normally originates from the incoming request and is written
  into the auto-submitting POST form. HTML presumably selects HTML escaping of
  that value; do not switch to an unescaped mode, since that would place
  request-controlled text into the page.
-->
<property name="out.post.relayStateEncoding" value="${param.out.post.relayStateEncoding:HTML}" />
<!--
  NOTE(review): the fallback for out.encrypt is none, so unless the parameter
  is set the outgoing SAML message is presumably not encrypted and the
  assertion passes through the browser in clear text inside TLS. Confirm this
  is acceptable for the attributes released to each service provider.
-->
<property name="out.encrypt" value="${param.out.encrypt:none}" />
<!--
  NOTE(review): the encryption key object falls back to DefaultSigner, a name
  that suggests the identity provider's own signing key. SAML encryption is
  normally done with the recipient's certificate; confirm these fallbacks are
  never the effective values once out.encrypt is switched on.
-->
<property name="out.encrypt.keystoreref" value="${param.out.encrypt.keystoreref:DefaultKeyStore}" />
<property name="out.encrypt.keyobjectref" value="${param.out.encrypt.keyobjectref:DefaultSigner}" />
<!-- property name="out.encryption_key_from_expression" value="${param.out.encryption_key_from_expression:DefaultSigner}" / -->
</AuthState>