Skip to content

Redirecting to third party in Person Authentication Script

maduvena edited this page Jan 31, 2022 · 6 revisions

Developer notes: Redirecting to a third-party application and back in a Person authentication custom script.

In many cases of user authentication ( and also consent gathering) there might be a need to redirect to a third party application to perform some operation and return the control back to authentication steps of the custom script.

Steps -

  1. Return from def getPageForStep(self, step, context), a page /auth/method_name/redirect.html ; with content similar to the code snippet below -
    def getPageForStep(self, step, context):
        return "/auth/method_name/redirect.html"

Contents of redirect.xhtml should take the flow to prepareForStep method

...
	<f:metadata>
		<f:viewAction action="#{authenticator.prepareForStep}" if="#{not identity.loggedIn}" />
	</f:metadata>
	
  1. In method prepareForStep prepare data needed for redirect and perform the redirection to the external service.
def prepareForStep(self, step, context):
        .....
	facesService = CdiUtil.bean(FacesService)
	facesService.redirectToExternalURL(third_party_URL )

	return True
	
  1. In order to resume flow after the redirection we have to invoke a similar URL https://my.gluu.server/postlogin.htm from the third party app which takes the flow back to the authenticate method of the custom script. So create an xhtml page postlogin.xhtml which will look like this :
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:f="http://xmlns.jcp.org/jsf/core">

<f:view transient="true" contentType="text/html">
	<f:metadata>
		<f:viewAction action="#{authenticator.authenticate}" />
	</f:metadata>
</f:view>

</html>
  1. The <f:viewAction action="#{authenticator.authenticate}" /> in step 3 takes us to the def authenticate(self, configurationAttributes, requestParameters, step):. Here you can use parameters from request (param = ServerUtil.getFirstValue(requestParameters, "param-name")) , perform the state check and finally, return false / true from this method.