The application myportal requires a form with userName and password fields
for login. The userName for myportal is the mail attribute at the user's
Identity Provider. The password for myportal is the mailPassword attribute
at the Identity Provider. The incoming SAML2 assertion sent by the Identity
Provider contains the mail and mailPassword attributes. The Federation
Service validates the incoming assertion, sets the userName and password in
the HttpSession to the values of mail and mailPassword from the assertion,
and redirects the user to /myportal/login. The LoginRequest Filter then
retrieves the login values from the session and creates the form to log the
user into myportal.
{
    "name": "FederationServlet",
    "type": "org.forgerock.openig.saml.FederationServlet",
    "config": {
        "assertionMapping": {
            "userName": "mail",
            "password": "mailPassword"
        },
        "redirectURI": "/myportal/login",
        "logoutURI": "/myportal/logout"
    }
}

{
    "name": "LoginRequest",
    "type": "StaticRequestFilter",
    "config": {
        "method": "POST",
        "uri": "https://10.10.0.5/login",
        "form": {
            "userName": ["${exchange.session.userName}"],
            "password": ["${exchange.session.password}"]
        }
    }
}
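
The mapping step described above, sketched in Python as an added example (not OpenIG code). The assertion fragment is constructed, the function names are hypothetical, and the signature and condition validation that the Federation Service performs before mapping is not reproduced here. It shows the assertionMapping lookup, a fail-closed check when a mapped attribute is missing, and the URL-encoded form body the LoginRequest filter would POST.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample: only the AttributeStatement part of an assertion.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="mailPassword">
      <saml:AttributeValue>s3cr&amp;t pass</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""
# Same mapping as the FederationServlet config: session key -> assertion attribute.
ASSERTION_MAPPING = {"userName": "mail", "password": "mailPassword"}


def assertion_attributes(assertion_xml):
    """Return {attribute name: first value} from the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        if value is not None and value.text:
            attrs[attr.get("Name")] = value.text
    return attrs


def map_to_session(assertion_xml, mapping):
    """Apply the mapping; refuse to build a session with a missing credential."""
    attrs = assertion_attributes(assertion_xml)
    missing = [src for src in mapping.values() if src not in attrs]
    if missing:
        raise ValueError("assertion lacks mapped attributes: " + ", ".join(missing))
    return {key: attrs[src] for key, src in mapping.items()}


def login_form_body(session):
    """URL-encode the userName/password form fields taken from the session."""
    return urlencode({"userName": session["userName"], "password": session["password"]})


if __name__ == "__main__":
    print(login_form_body(map_to_session(SAMPLE_ASSERTION, ASSERTION_MAPPING)))
```

Because mailPassword travels inside the assertion and then sits in the session, the encoded body contains the cleartext credential, so anything that logs request bodies or session contents will capture it.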
