You can find the endpoints described in this section in the saml2/jsp subdirectory. As of this writing, some of these endpoints are not used in the current implementation of OpenAM. Active endpoints in this category are discussed in the chapter on Managing SAML2 Federation in the Administration Guide.
default.jsp
May be used by other files to return a success or failure message. While the default.jsp name is common in the trunk, the jsp/default.jsp filename is used only by SPSingleLogout.java, which is not commonly used.
exportmetadata.jsp
Supports the export of XML-based metadata with other providers within a circle of trust (CoT). Currently used. For more information, see the chapter on Managing SAML2 Federation in the Administration Guide.
fedletAttrQuery.jsp
Supports the configuration of SAML attribute query headers.
fedletAttrResp.jsp
Supports the configuration of SAML attribute response headers.
fedletSSOInit.jsp
Previously used to start single sign-on at the Fedlet.
fedletSampleApp.jsp
Specifies a sample fedlet application that can be removed in production.
fedletXACMLQuery.jsp
Enables a sample SAML XACML query handler; used for testing, to prompt users to specify a resource URL along with an action (GET, POST).
fedletXACMLResp.jsp
Retrieves a sample SAML XACML resource URL for a yes, no, or maybe decision (PERMIT, DENY, or INDETERMINATE).
idpMNIPOST.jsp
The MNI in several JSP files relates to ManageNameID, which sets up corresponding accounts on IDPs and SPs. This particular JSP file processes a request from an IDP through an HTTP redirect.
idpMNIRedirect.jsp
The MNI in several JSP files relates to ManageNameID, which sets up corresponding accounts on IDPs and SPs. This particular JSP file processes a request from an IDP through an HTTP redirect. It uses a metadata-based alias, an entity ID for the service provider, and the type of MNI request; examples include NewID and terminate.
idpMNIRequestInit.jsp
The MNI in several JSP files relates to ManageNameID, which sets up corresponding accounts on IDPs and SPs. As described in the chapter on Managing SAML2 Federation in the Administration Guide, it allows you to change federation of persistently linked accounts. The chapter also includes an example of this endpoint at work.
idpSSOFederate.jsp
Specifies an endpoint that takes authentication requests from an SP, with SAMLRequest data, a metaAlias and a RelayState with information from the target URL.
idpSSOInit.jsp
Specifies an endpoint that starts SSO, either from cache, or by verifying metaAlias and SP identifier data. For more information, see the chapter on Managing SAML2 Federation in the Administration Guide.
idpSingleLogoutInit.jsp
Starts a LogoutRequest from the identity provider. For more information, see the chapter on Managing SAML2 Federation in the Administration Guide.
idpSingleLogoutPOST.jsp
Specifies an endpoint that receives logout requests from IDPs and receives logout responses from SPs. Also sends logout responses to SPs.
idpSingleLogoutRedirect.jsp
Takes the SAMLRequest and SAMLResponse messages for logouts from the SP. May also handle the RelayState directive.
SA_IDP.jsp
Used for SAML authentication for communication with identity providers (IDPs).
SA_SP.jsp
Used for SAML authentication for communication with service providers (SPs).
saeerror.jsp
Returns an error message related to Secure Attribute Exchange (SAE). Currently used only by the SA_IDP.jsp and SA_SP.jsp endpoints.
saml2error.jsp
Endpoint that may return one of many error codes, specified in the comments of the file.
spAssertionConsumer.jsp
Used on an SP to interpret information from an IDP. The request to the IDP is an AuthnRequest; the response from the IDP is read by this endpoint.
spMNIPOST.jsp
The MNI in several JSP files relates to ManageNameID, which sets up corresponding accounts on IDPs and SPs. This particular endpoint takes the associated request, using an HTTP Redirect, from an SP. Less commonly used.
spMNIRedirect.jsp
This particular endpoint handles the ManageNameIDRequest and ManageNameIDResponse messages with the help of HTTP Redirect. Less commonly used.
spMNIRequestInit.jsp
This particular endpoint supports changes to federation of persistently linked accounts, in a fashion similar to idpMNIRequestInit.jsp. For an example of this endpoint at work, see the chapter on Managing SAML2 Federation in the Administration Guide.
spSSOInit.jsp
Supports SSO messages from the SP. For more information and an example of how this endpoint is used, see the chapter on Managing SAML2 Federation in the Administration Guide.
spSingleLogoutInit.jsp
Supports SSO messages from the SP. For more information, see the chapter on Managing SAML2 Federation in the Administration Guide.
spSingleLogoutPOST.jsp
Specifies an endpoint that receives logout requests from SPs and receives logout responses from IDPs. Also sends logout responses to IDPs. Converse endpoint to idpSingleLogoutPOST.jsp.
spSingleLogoutRedirect.jsp
Takes the SAMLRequest and SAMLResponse messages for logouts from the IDP. May also handle the RelayState directive. Converse endpoint to idpSingleLogoutRedirect.jsp.