Using custom parameters from the SAML authentication request

Usage scenario

The SAML Service provider wishes to pass along additional data with the Authentication Request which could be utilized during the lifetime of the SAML Flow.

For example, you might want to pass along the type of client making the request. You can use this information in the templates to render a different UI.

What is required?

To successfully complete this topic guide you need to ensure following prerequisites:

Thymeleaf Dialect

The Extension Custom Parameters dialect uses the prefix ecp (Extension Custom Parameters). It can be used to get the values that were passed in the SAML Authentication Request. It is stored as a key value map with a String as the key, a List of Strings as the values.

Available methods

  • ecp.getValue("key") - returns a single value or the first one in the list.
  • ecp.getValues("key") - returns a list of values.

Template example

<div th:if="${#ecp.getValue('appView') eq 'mobile'}">
  <div id="mobileOnly"> This will only show for mobile devices!</div>
</div>

Session API usage

The map of custom extension parameters is also available via the Session API. It is returned as the extension_custom_parameters object within the session_data object of the response.