<!--
  Entry dispatcher for this IDP step: it chooses which of the two
  IdentityProviderState variants (HTTP-POST or HTTP-Artifact binding) runs next.
  Result "useArtifact" continues in ${state.entry}_artifact; result "default"
  continues in ${state.entry}_post.
-->
<AuthState
    name="${state.entry}"
    class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState"
    final="false"
    resumeState="false">
  <ResultCond name="useArtifact" next="${state.entry}_artifact"/>
  <ResultCond name="default" next="${state.entry}_post"/>
  <!-- Error page shown when this state answers with AUTH_ERROR. -->
  <Response value="AUTH_ERROR">
    <Gui name="AuthErrorDialog"/>
  </Response>
  <!--
    Condition behind the "useArtifact" result. The expression reads
    agov.idp.use.artifact through the sess: prefix (presumably a session
    attribute) and is anchored with ^true$, so only the exact string "true"
    is meant to match; a missing or different value should end in "default".
    NOTE(review): the binding choice trusts whatever wrote that attribute.
    Confirm it is set only by an earlier trusted state and is never copied
    from request input.
  -->
  <property name="condition:useArtifact"
            value="${sess:agov.idp.use.artifact:^true$}"/>
</AuthState>
<!--
  SAML identity provider state answering over the HTTP-POST binding
  (out.binding = http-post). It is reached from ${state.entry} through the
  "default" result.
-->
<AuthState
    name="${state.entry}_post"
    class="ch.nevis.esauth.auth.states.saml.IdentityProviderState"
    final="false"
    resumeState="true">

  <!-- Logout handling -->
  <!-- Auth_Realm_Main_IDP_Concurrent_Logout -->
  <ResultCond name="IDP-initiated-ConcurrentLogout" next="${state.exit.1}"/>
  <ResultCond name="SP-initiated-ConcurrentLogout" next="${state.exit.1}"/>
  <!-- Auth_Realm_Main_IDP_Prepare_Done -->
  <ResultCond name="IDP-initiated-SingleLogout" next="${state.done}"/>
  <ResultCond name="SP-initiated-SingleLogout" next="${state.done}"/>
  <ResultCond name="ok" next="${state.done}"/>
  <!-- Auth_Realm_Main_IDP_Logout_Done -->
  <ResultCond name="LogoutCompleted" next="${state.exit.2}"/>
  <!-- Auth_Realm_Main_IDP_Logout_Fail -->
  <ResultCond name="LogoutFailed" next="${state.exit.3}"/>

  <!-- Authentication requests -->
  <!-- Auth_Realm_Main_IDP_RequestedRoleLevel -->
  <ResultCond name="authenticate:IDP-initiated-SSO" next="${state.exit.4}"/>
  <ResultCond name="authenticate:SP-initiated-SSO" next="${state.exit.4}"/>
  <!--
    An invalid assertion consumer URL is routed back to the dispatcher
    ${state.entry}, which selects a binding again.
    NOTE(review): confirm this path ends in an error response and cannot
    cycle, and that no assertion is ever delivered to the rejected URL.
  -->
  <ResultCond name="invalidAssertionConsumerUrl" next="${state.entry}"/>
  <!-- Auth_Realm_Main_IDP_Selector -->
  <!-- Both step-up results lead to ${state.failed}. -->
  <ResultCond name="stepup:IDP-initiated-SSO" next="${state.failed}"/>
  <ResultCond name="stepup:SP-initiated-SSO" next="${state.failed}"/>

  <!-- SAML failure page; the "lasterror" element displays error.saml.failed. -->
  <Response value="AUTH_ERROR">
    <Gui name="saml_idp" label="title.saml.failed">
      <GuiElem name="lasterror" type="error" label="error.saml.failed"/>
    </Gui>
  </Response>

  <!-- same as Custom_AGOV_IDP -->
  <!--
    Shared property set pulled in by reference; its content is not part of
    this fragment. How it combines with the explicit properties below
    (which one wins on a name clash) is not visible here.
  -->
  <propertyRef name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP"/>
  <property name="out.issuer" value="${var.idp_agov-saml-issuer-sec}"/>
  <property name="out.binding" value="http-post"/>
  <property name="out.post.relayStateEncoding"
            value="${param.out.post.relayStateEncoding:HTML}"/>
  <!--
    The ${param.x:fallback} form supplies a fallback, so out.encrypt resolves
    to "none" unless the parameter is provided.
    NOTE(review): with the POST binding the response travels through the
    user's browser; without encryption the assertion content is readable
    there. Confirm deployments that need confidentiality set this parameter.
  -->
  <property name="out.encrypt" value="${param.out.encrypt:none}"/>
  <property name="out.encrypt.keystoreref"
            value="${param.out.encrypt.keystoreref:DefaultKeyStore}"/>
  <!--
    NOTE(review): the fallback key object is named DefaultSigner. Encryption
    normally targets the relying party's certificate, not the IDP's own
    signing key; verify this fallback before enabling out.encrypt.
  -->
  <property name="out.encrypt.keyobjectref"
            value="${param.out.encrypt.keyobjectref:DefaultSigner}"/>
</AuthState>
<!--
  SAML identity provider state answering over the HTTP-Artifact binding
  (out.binding = http-artifact). It is reached from ${state.entry} through
  the "useArtifact" result. Apart from out.binding, its transitions and
  properties match ${state.entry}_post.
-->
<AuthState
    name="${state.entry}_artifact"
    class="ch.nevis.esauth.auth.states.saml.IdentityProviderState"
    final="false"
    resumeState="true">

  <!-- Logout handling -->
  <!-- Auth_Realm_Main_IDP_Concurrent_Logout -->
  <ResultCond name="IDP-initiated-ConcurrentLogout" next="${state.exit.1}"/>
  <ResultCond name="SP-initiated-ConcurrentLogout" next="${state.exit.1}"/>
  <!-- Auth_Realm_Main_IDP_Prepare_Done -->
  <ResultCond name="IDP-initiated-SingleLogout" next="${state.done}"/>
  <ResultCond name="SP-initiated-SingleLogout" next="${state.done}"/>
  <ResultCond name="ok" next="${state.done}"/>
  <!-- Auth_Realm_Main_IDP_Logout_Done -->
  <ResultCond name="LogoutCompleted" next="${state.exit.2}"/>
  <!-- Auth_Realm_Main_IDP_Logout_Fail -->
  <ResultCond name="LogoutFailed" next="${state.exit.3}"/>

  <!-- Authentication requests -->
  <!-- Auth_Realm_Main_IDP_RequestedRoleLevel -->
  <ResultCond name="authenticate:IDP-initiated-SSO" next="${state.exit.4}"/>
  <ResultCond name="authenticate:SP-initiated-SSO" next="${state.exit.4}"/>
  <!--
    An invalid assertion consumer URL is routed back to the dispatcher
    ${state.entry}, which selects a binding again.
    NOTE(review): confirm this path ends in an error response and cannot
    cycle, and that no artifact is ever issued for the rejected URL.
  -->
  <ResultCond name="invalidAssertionConsumerUrl" next="${state.entry}"/>
  <!-- Auth_Realm_Main_IDP_Selector -->
  <!-- Both step-up results lead to ${state.failed}. -->
  <ResultCond name="stepup:IDP-initiated-SSO" next="${state.failed}"/>
  <ResultCond name="stepup:SP-initiated-SSO" next="${state.failed}"/>

  <!-- SAML failure page; the "lasterror" element displays error.saml.failed. -->
  <Response value="AUTH_ERROR">
    <Gui name="saml_idp" label="title.saml.failed">
      <GuiElem name="lasterror" type="error" label="error.saml.failed"/>
    </Gui>
  </Response>

  <!-- same as Custom_AGOV_IDP -->
  <!--
    Shared property set pulled in by reference; its content is not part of
    this fragment. How it combines with the explicit properties below
    (which one wins on a name clash) is not visible here.
  -->
  <propertyRef name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP"/>
  <property name="out.issuer" value="${var.idp_agov-saml-issuer-sec}"/>
  <property name="out.binding" value="http-artifact"/>
  <!--
    NOTE(review): an out.post.* setting is kept here although the binding is
    http-artifact; presumably it has no effect in this state. Confirm.
  -->
  <property name="out.post.relayStateEncoding"
            value="${param.out.post.relayStateEncoding:HTML}"/>
  <!--
    The ${param.x:fallback} form supplies a fallback, so out.encrypt resolves
    to "none" unless the parameter is provided.
    NOTE(review): confirm whether assertions resolved through the artifact
    back channel need encryption in this deployment, and that the channel
    itself is protected.
  -->
  <property name="out.encrypt" value="${param.out.encrypt:none}"/>
  <property name="out.encrypt.keystoreref"
            value="${param.out.encrypt.keystoreref:DefaultKeyStore}"/>
  <!--
    NOTE(review): the fallback key object is named DefaultSigner. Encryption
    normally targets the relying party's certificate, not the IDP's own
    signing key; verify this fallback before enabling out.encrypt.
  -->
  <property name="out.encrypt.keyobjectref"
            value="${param.out.encrypt.keyobjectref:DefaultSigner}"/>
</AuthState>