You can find the endpoints described in this section in the saml2/jsp subdirectory. As of this writing, some of these endpoints are not used in the current implementation of OpenAM. Active endpoints in this category are discussed in the chapter on Managing SAML2 Federation in the Administration Guide.
default.jsp
-
May be used by other files to return a success or failure message. While the default.jsp name is common in the trunk, the jsp/default.jsp filename is used only by SPSingleLogout.java, which is not commonly used.
exportmetadata.jsp
-
Supports the export of XML-based metadata with other providers within a circle of trust (CoT). Currently used. For more information, see the chapter on Managing SAML2 Federation in the Administration Guide.
fedletAttrQuery.jsp
-
Supports the configuration of SAML attribute query headers.
fedletAttrResp.jsp
-
Supports the configuration of SAML attribute response headers.
fedletSSOInit.jsp
-
Previously used to start single sign-on at the Fedlet.
fedletSampleApp.jsp
-
Specifies a sample fedlet application that can be removed in production.
fedletXACMLQuery.jsp
-
Enables a sample SAML XACML query handler; used for testing, to prompt users to specify a resource URL along with an action (GET, POST).
fedletXACMLResp.jsp
-
Retrieves a sample SAML XACML resource URL for a yes, no, or maybe decision (PERMIT, DENY, or INDETERMINATE).
idpMNIPOST.jsp
-
The MNI in several JSP file names relates to ManageNameID, which sets up corresponding accounts on IDPs and SPs. This particular JSP file processes a request from an IDP through an HTTP redirect.
idpMNIRedirect.jsp
-
The MNI in several JSP file names relates to ManageNameID, which sets up corresponding accounts on IDPs and SPs. This particular JSP file processes a request from an IDP through an HTTP redirect. It uses a metadata-based alias, an entity ID for the service provider, and the type of MNI request; examples include NewID and terminate.
idpMNIRequestInit.jsp
-
The MNI in several JSP file names relates to ManageNameID, which sets up corresponding accounts on IDPs and SPs. As described in the chapter on Managing SAML2 Federation in the Administration Guide, it allows you to change federation of persistently linked accounts. The chapter also includes an example of this endpoint at work.
idpSSOFederate.jsp
-
Specifies an endpoint that takes authentication requests from an SP, with SAMLRequest data, a metaAlias and a RelayState with information from the target URL.
idpSSOInit.jsp
-
Specifies an endpoint that starts SSO, either from cache, or by verifying metaAlias and SP identifier data. For more information, see the chapter on Managing SAML2 Federation in the Administration Guide.
idpSingleLogoutInit.jsp
-
Starts a LogoutRequest from the identity provider. For more information, see the chapter on Managing SAML2 Federation in the Administration Guide.
idpSingleLogoutPOST.jsp
-
Specifies an endpoint that receives logout requests from IDPs and receives logout responses from SPs. Also sends logout responses to SPs.
idpSingleLogoutRedirect.jsp
-
Takes the SAMLRequest and SAMLResponse messages for logouts from the SP. May also handle the RelayState directive.
SA_IDP.jsp
-
Used for SAML authentication for communication with identity providers (IDPs).
SA_SP.jsp
-
Used for SAML authentication for communication with service providers (SPs).
saeerror.jsp
-
Returns an error message related to Secure Attribute Exchange (SAE). Currently used only by the SA_IDP.jsp and SA_SP.jsp endpoints.
saml2error.jsp
-
Endpoint that may return one of many error codes, specified in the comments of the file.
spAssertionConsumer.jsp
-
Used on an SP to interpret information from an IDP. The request to the IDP is an AuthnRequest; the response from the IDP is read by this endpoint.
spMNIPOST.jsp
-
The MNI in several JSP file names relates to ManageNameID, which sets up corresponding accounts on IDPs and SPs. This particular endpoint takes the associated request, using an HTTP Redirect, from an SP. Less commonly used.
spMNIRedirect.jsp
-
This particular endpoint handles the ManageNameIDRequest and ManageNameIDResponse messages with the help of HTTP Redirect. Less commonly used.
spMNIRequestInit.jsp
-
This particular endpoint supports changes to federation of persistently linked accounts, in a fashion similar to idpMNIRequestInit.jsp. For an example of this endpoint at work, see the chapter on Managing SAML2 Federation in the Administration Guide.
spSSOInit.jsp
-
Supports SSO messages from the SP. For more information and an example of how this endpoint is used, see the chapter on Managing SAML2 Federation in the Administration Guide.
spSingleLogoutInit.jsp
-
Supports SSO messages from the SP. For more information, see the chapter on Managing SAML2 Federation in the Administration Guide.
spSingleLogoutPOST.jsp
-
Specifies an endpoint that receives logout requests from SPs and receives logout responses from IDPs. Also sends logout responses to IDPs. Converse endpoint to idpSingleLogoutPOST.jsp.
spSingleLogoutRedirect.jsp
-
Takes the SAMLRequest and SAMLResponse messages for logouts from the IDP. May also handle the RelayState directive. Converse endpoint to idpSingleLogoutRedirect.jsp.