A-Select protocol authentication
Since: 0.1
The A-Select profile requires the following configuration to be added to the <profile> section of the OA configuration.
<profile id="aselect" class="com.alfaariss.oa.profile.aselect.processor.ASelectProcessor" > <redirect_url>[redirect_url]</redirect_url> <error> <jsp path='[error_jsp]'/> <handling local='[local_boolean]'/> </error> <websso> <path>[websso_path]</path> <url>[websso_url]</url> </websso> <ws enabled='[ws_boolean]' force_requestor_id='[force_boolean]'/> <requesthandlers> <sp enabled='[requestor_boolean]' app_level='[requestor_application_level]'> <requestorpool id='[requestor_id]'> <signing enabled='[signing_enabled]' /> <app_level>[application_level]</app_level> <uid attribute='[user_attribute]'> <opaque enabled='[opaque_boolean]' salt='[opaque_salt]'/> </uid> </requestorpool> </sp> <idp enabled='[requestor_boolean]' app_level='[requestor_application_level]' <requestorpool id='[requestor_id]'> <signing enabled='[signing_enabled]' /> <app_level>[application_level]</app_level> <uid attribute='[user_attribute]'> <opaque enabled='[opaque_boolean]' salt='[opaque_salt]'/> </uid> </requestorpool> </idp> </requesthandlers> <authentication authsp_level='[authsp_application_level]'> <profile id='[authsp_profile_id]' authsp_level='[authsp_level]' /> </authentication> </profile>
Global Settings
- [redirect_url] (optional) The url that must be used to redirect the user to, e.g. 'http://localhost:8080/openaselect/profiles/aselect'.
Error Settings
- [error_jsp] The path to the error JSP page, e.g. '/ui/profiles/aselect/error.jsp'.
- [local_boolean] If set to 'true' all errors are processed by the OpenASelect Server itself (default false).
WebSSO Settings
- [websso_path] The path of the WebSSO that is used to forward to, after processing by the profile, e.g. '/sso/web'.
- [websso_url] The URL of the WebSSO, e.g. 'http://localhost:8080/openaselect/sso'.
A-Select WS Settings
- [ws_boolean] Indicates whether the A-Select web service is enabled.
- [force_boolean] Indicates whether the requestor identifier is forced.
Note: The optional [redirect_url] is mandatory when using A-Select WS.
Requesthandler Settings
- [requestor_boolean] Indicates whether service providers are enabled.
- [requestor_application_level] The general level of all the service providers.
- [sp_requestor_id] The unique requestor identifier.
- [signing_enabled] Indicates whether the signing is enabled for this requestor.
- [application_level] The application level for this specific requestor.
- [user_attribute] (optional) The attribute that will be released as user ID for this requestor.
- [opaque_boolean] Indicates whether the opaque user id functionality is enabled for this requestor.
- [opaque_salt] (optional) If enabled, the salt value for this requestor.
- [authsp_application_level] The general level of all the authentication providers.
- [authsp_profile_id] The unique authentication provider identifier.
- [authsp_level] The authentication level for this specific authentication provider.