This documentation is for WSO2 Identity Server 5.6.0. View documentation for the latest release.
Page Comparison - Writing a Post-Authentication Handler (v.2 vs v.3) - WSO2 Identity Server 5.6.0 - WSO2 Documentation


...


By returning a PostAuthnHandlerFlowStatus

This method of returning the response can have multiple flow statuses:

Status | Description
SUCCESS_COMPLETED | This status can be returned if the post-authentication process is complete. The next post handler is then invoked as the current one has been completed.
INCOMPLETE | This status indicates that the post-authentication process is incomplete (e.g., a redirection to an external page). The response can be simply redirected and you can expect it to come back to your post-authentication handler once the response is submitted to WSO2 IS again.

If a response from an external page is submitted to a post-authentication handler that is in progress, the request must include the following along with the input data received from the external page:

  1. SessionDataKey

    Note: The 'sessionDataKey' query parameter is used to coordinate the request state across the components participating in the request flow. It does not correlate with the user session. Furthermore, the request state maintained against the 'sessionDataKey' parameter value is cleared by each participating component at the end of the request flow. This means that even if an external party grabs the 'sessionDataKey', they will not be able to get into the authentication sequence, as the user session is not associated with that key.

  2. PASTR cookie (this is used to track the post-authentication sequence and to secure the post-authentication flow).

As seen in the sample implementation, the handler redirects to the disclaimer page and stores the “consentPoppedUp” state so that, the next time the post handler continues upon the response, it can look for the disclaimer response and proceed.
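The resume behaviour described above, as an added stand-alone Java model (not WSO2 code and not the sample implementation this page refers to). The FlowStatus, Context, handle, dispatch and matches names are hypothetical, and the way the PASTR value is checked here is an assumption made for illustration.

```java
import java.security.MessageDigest;
import java.util.*;

// Simplified, stand-alone model of the resume flow; every type here is hypothetical, not a WSO2 class.
public class PostAuthnFlowModel {
    enum FlowStatus { SUCCESS_COMPLETED, INCOMPLETE }   // status names taken from the table above

    // Request state held against a sessionDataKey, plus the value issued in the PASTR cookie.
    static class Context {
        final String pastr = UUID.randomUUID().toString();
        final Map<String, Object> params = new HashMap<>();
    }
    static final Map<String, Context> contexts = new HashMap<>();

    // Handler logic: the first pass hands off to the disclaimer page, the second reads the answer.
    static FlowStatus handle(Context ctx, Map<String, String> request) {
        if (Boolean.TRUE.equals(ctx.params.get("consentPoppedUp"))) {
            if ("approve".equalsIgnoreCase(request.get("consent"))) return FlowStatus.SUCCESS_COMPLETED;
            throw new IllegalStateException("consent denied");
        }
        ctx.params.put("consentPoppedUp", true);   // remembered for the resumed request
        return FlowStatus.INCOMPLETE;              // a real handler would send the redirect here
    }

    // Framework side (assumed behaviour): find the state by sessionDataKey, require the PASTR value on resume.
    static FlowStatus dispatch(String sessionDataKey, String pastrCookie, Map<String, String> request) {
        Context ctx = contexts.get(sessionDataKey);
        if (ctx == null) throw new IllegalStateException("no request state for sessionDataKey");
        boolean resuming = ctx.params.containsKey("consentPoppedUp");
        if (resuming && !matches(ctx.pastr, pastrCookie)) throw new IllegalStateException("PASTR mismatch");
        FlowStatus status = handle(ctx, request);
        if (status == FlowStatus.SUCCESS_COMPLETED) contexts.remove(sessionDataKey); // cleared at end of flow
        return status;
    }

    // Constant-time comparison of the issued and presented cookie values.
    static boolean matches(String issued, String presented) {
        return presented != null && MessageDigest.isEqual(issued.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                presented.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String key = UUID.randomUUID().toString();   // constructed sample sessionDataKey
        Context ctx = new Context();
        contexts.put(key, ctx);
        System.out.println(dispatch(key, null, Map.of()));                           // first pass
        try { dispatch(key, "wrong", Map.of("consent", "approve")); }                // key without the cookie
        catch (IllegalStateException e) { System.out.println(e.getMessage()); }
        System.out.println(dispatch(key, ctx.pastr, Map.of("consent", "approve")));  // legitimate resume
        try { dispatch(key, ctx.pastr, Map.of("consent", "approve")); }              // key reused after the flow ended
        catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```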

...