SAML consent

This PhenixID Solution Document (PSD) is written for PhenixID Server.

This article describes how to add SAML consent to SAML authenticators in PhenixID Server.

The reader should have some basic knowledge about PhenixID Server.

Overview

All SAML authenticators now have the optional configuration property, success_template.

Currently available options for the property value are autopost (default) and samlconsent.

Setting the value to samlconsent means the following:
1. The first time a user authenticates at the request of service provider X, the user is prompted to confirm that it is OK to send user data to X.
2. If the user agrees, a cookie is created at the user client. The name of the cookie is "Phx.<hashed value>".
3. The next time the user authenticates, the cookie is checked. If it exists, consent is taken for granted.

Instruction

We will make changes to the file config/phenix-store.json, so please make sure that you have a recent copy/backup of this file.

Log in to PhenixID Configuration Manager.

Click the “Advanced” tab.

Click on the pencil beside “Authenticators”.

Locate the SAML authenticator that should use consent.

Add the parameter success_template with the value samlconsent to the configuration, according to the example below.

{
    "id": "f033550f-af37-4aad-99f7-42c0a3a872f9",
    "alias": "uidpwdtoken",
    "name": "PostUidPasswordAndOTPSAML",
    "displayName": "UidPwdToken",
    "configuration": {
        "success_template" : "samlconsent",
        "userValidationPipeID": "421cbfd9-38b6-4893-8a6a-4bb74a65a83b",
        "otpValidationPipeID": "b653b040-9a85-4f6f-824e-8c6b4ee980c7",
        "idpID": "c47258f1-47ba-4d44-b3f1-35a087d32c1d"
    }
}

When done, press "Stage changes" and then "Commit changes".
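
After committing, it is worth checking which SAML authenticators actually ended up with consent enabled. The script below is an added example, not part of PhenixID Server or the original article: it walks a parsed copy of the configuration and reports the effective success_template for each authenticator. It assumes a SAML authenticator can be recognised by an "idpID" key in its "configuration" object (as in the example above) and that the two values are matched exactly as written on this page; the sample data and its "authenticators" key are constructed.

```python
import json

# Values the page lists for success_template; matched exactly as written there.
ALLOWED = {"autopost", "samlconsent"}
DEFAULT = "autopost"  # the page's stated default when the property is absent


def iter_saml_authenticators(node):
    """Yield dicts that look like SAML authenticator entries (assumption: a
    "configuration" object holding "idpID", as in the page's example)."""
    if isinstance(node, dict):
        cfg = node.get("configuration")
        if isinstance(cfg, dict) and "idpID" in cfg:
            yield node
        for value in node.values():
            yield from iter_saml_authenticators(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_saml_authenticators(item)


def audit(store):
    """Return (alias, value, status) for each SAML authenticator found."""
    report = []
    for auth in iter_saml_authenticators(store):
        raw = auth["configuration"].get("success_template")
        label = auth.get("alias") or auth.get("id", "?")
        if raw is None:
            report.append((label, DEFAULT, "default"))
        elif raw in ALLOWED:
            report.append((label, raw, "ok"))
        else:  # e.g. wrong case or stray whitespace
            report.append((label, raw, "unrecognised"))
    return report


# Constructed sample; the "authenticators" key and the ids are made up.
SAMPLE = json.loads("""
{"authenticators": [
  {"alias": "uidpwdtoken", "configuration": {"success_template": "samlconsent", "idpID": "idp-1"}},
  {"alias": "legacy", "configuration": {"idpID": "idp-1"}},
  {"alias": "typo", "configuration": {"success_template": "samlConsent", "idpID": "idp-1"}},
  {"alias": "internal", "configuration": {"userValidationPipeID": "pipe-1"}}
]}
""")

if __name__ == "__main__":
    for alias, value, status in audit(SAMPLE):
        print(f"{alias:12} {value:12} {status}")
```

To check a real installation, pass the parsed contents of a copy of config/phenix-store.json to audit() instead of SAMPLE.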

Example

When the parameter success_template is set to samlconsent, the result will be similar to this example: