Hi Dulanja/Venura,
I can see that there is a cookie called "samlssoTokenId" added by the IDP
once it does the browser redirection with the authorized SAML request. So
can't we simply use that cookie in our handler to decide page redirections,
without maintaining the Map that we discussed?
The handler logic will be something like the following (since "samlssoTokenId"
is different from browser to browser, I don't see any issue with it):
handleRequest() {
    cookieString = headers.get(HTTPConstants.COOKIE_STRING);
    // check whether the cookies contain the "samlssoTokenId" cookie
    if (cookieString != null &&
            cookieString.contains(APIConstants.SAML_SSO_TOKENID)) {
        return true; // proceed to the API without redirecting to the IDP
    } else {
        redirectToIDPLogin(messageContext);
        return false;
    }
}
Do you see any issue with handling logic like this, or any other advantage
of keeping the in-memory map on our side?
Regards,
Dinusha.
--
Dinusha Dilrukshi
Senior Software Engineer
WSO2 Inc.: http://wso2.com/
Mobile: +94725255071
Blog: http://dinushasblog.blogspot.com/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
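
An added example, not part of the original message or of WSO2's code: it compares the presence-only test from the sketch above with an exact-name cookie parse whose value is checked against a server-side map, using constructed Cookie headers. The class name, the `knownSessions` map and the way it is populated are assumptions made for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SsoCookieCheck {
    static final String SAML_SSO_TOKENID = "samlssoTokenId"; // cookie name from the message

    // Hypothetical server-side record: token id -> expiry time in millis.
    // Stands in for the in-memory Map the message mentions (assumption).
    static final Map<String, Long> knownSessions = new ConcurrentHashMap<>();

    // Presence-only test, same logic as the sketch in the message.
    static boolean presenceOnly(String cookieHeader) {
        return cookieHeader != null && cookieHeader.contains(SAML_SSO_TOKENID);
    }

    // Parse the Cookie header and return the value of the cookie whose
    // name matches exactly, or null if there is no such cookie.
    static String cookieValue(String cookieHeader, String name) {
        if (cookieHeader == null) return null;
        for (String pair : cookieHeader.split(";")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).trim().equals(name)) {
                return pair.substring(eq + 1).trim();
            }
        }
        return null;
    }

    // Accept only a token id that the server side knows and that has not expired.
    static boolean validated(String cookieHeader, long nowMillis) {
        String id = cookieValue(cookieHeader, SAML_SSO_TOKENID);
        if (id == null || id.isEmpty()) return false;
        Long expiry = knownSessions.get(id);
        return expiry != null && expiry > nowMillis;
    }

    public static void main(String[] args) {
        long now = System.currentTimeMillis();
        knownSessions.put("a1b2c3", now + 60_000); // constructed sample session
        String[] headers = {                        // constructed sample Cookie headers
            "JSESSIONID=9f; samlssoTokenId=a1b2c3", // known token
            "samlssoTokenId=anything",              // client-chosen value
            "theme=samlssoTokenId",                 // name appears only inside a value
            "JSESSIONID=9f"                         // no SSO cookie
        };
        for (String h : headers) {
            System.out.printf("%-40s presenceOnly=%-5b validated=%b%n",
                    h, presenceOnly(h), validated(h, now));
        }
    }
}
```

The Cookie header is supplied by the client, so the second and third headers pass the presence-only test while only the first passes the map-backed check.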