Specifying preauthentication and postauthentication activities for a SAML SSO authentication service

To customize the login process, you can write activities that are triggered before and after SAML SSO authentication. For example, a postauthentication activity can update the operator record with values from the service provider or refuse an automatically provisioned user access to an application.

  1. Create your preauthentication and postauthentication activities. For more information, see the sample activities pySSOPreAuthenticationActivity and pySSOPostAuthenticationActivity.
    • The activities must have Code-Security as the Applies To key part.
    • Set pyAuthenticationPolicyResult to true to proceed with authentication, or to false to terminate the request; for example:
       tools.getRequestor().getRequestorPage().putString("pyAuthenticationPolicyResult", "true");
  2. Open the authentication service.
  3. In the SAML 2.0 tab, expand the Advanced configuration settings section.
  4. In the Pre-authentication activity field, enter the name of the preauthentication activity.
  5. In the Post-authentication activity field, enter the name of the postauthentication activity.
  6. Click Save.
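
The following sketch shows the decision logic for a postauthentication activity that refuses an automatically provisioned user. It is an added example, not Pega's sample activity. The Page interface is a hypothetical stand-in for the requestor page, and the access-group allow-list policy and all sample values are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class PostAuthDecision {
    // Hypothetical stand-in for the requestor page so this compiles outside Pega.
    // In an activity Java step the page is tools.getRequestor().getRequestorPage().
    interface Page {
        void putString(String name, String value);
        String getString(String name);
    }

    static final String RESULT = "pyAuthenticationPolicyResult";

    // Assumed policy: a provisioned operator proceeds only if its access group
    // (a value the caller read from the operator record) is on an allow-list.
    static boolean decide(Page requestorPage, String operatorId,
                          String accessGroup, Set<String> approvedGroups) {
        // Fail closed: write "false" first, so only an explicit approval yields "true".
        requestorPage.putString(RESULT, "false");
        boolean allowed = operatorId != null && !operatorId.trim().isEmpty()
                && accessGroup != null && approvedGroups.contains(accessGroup);
        if (allowed) {
            requestorPage.putString(RESULT, "true");
        }
        return allowed;
    }

    public static void main(String[] args) {
        Set<String> approved = Set.of("Sales:Users"); // constructed sample value
        // Constructed operators: approved group, unapproved group, missing group.
        String[][] cases = {
            {"alice@example.com", "Sales:Users"},
            {"bob@example.com", "HR:Admins"},
            {"carol@example.com", null},
        };
        for (String[] c : cases) {
            Map<String, String> store = new HashMap<>();
            Page page = new Page() {
                public void putString(String n, String v) { store.put(n, v); }
                public String getString(String n) { return store.get(n); }
            };
            decide(page, c[0], c[1], approved);
            System.out.println(c[0] + " -> " + RESULT + "=" + page.getString(RESULT));
        }
    }
}
```

Writing false before any check means a missing attribute or an unexpected branch terminates the request instead of letting it proceed.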