Customizing the Consent to Federate Page

A consent to federate page is an HTML form which prompts a user to give consent to joining a federation. You can customize the consent to federate page to specify what information it requests from a user.

Before you begin

Determine what values you want to use for the consent to federate page.

About this task

When a user accesses a federation, they agree to join the federation. The HTML form saml20/consent_to_federate.html prompts for this consent. You can customize what the form requests by adding consent values. These values indicate how a user agrees to join a federation and if service providers are notified of the consent. Identity providers receive the consent values in the SAML 2.0 response.

The following values determine how a user joins a federation:
1
    A user agrees to join a federation without notifying the service provider.
0
    A user refuses to join a federation.
A URI value
    A URI can indicate whether the user agrees to join a federation and if you want to notify the service provider about the user consent. The following table lists and describes the supported URI values.
Table 1. Supported consent values for SAML 2.0 response

| Consent value | URI | Description |
|---|---|---|
| Unspecified | urn:oasis:names:tc:SAML:2.0:consent:unspecified | The consent of the user is not specified. |
| Obtained | urn:oasis:names:tc:SAML:2.0:consent:obtained | Specifies that user consent is acquired by the issuer of the message. |
| Prior | urn:oasis:names:tc:SAML:2.0:consent:prior | Specifies that user consent is acquired by the issuer of the message before the action which initiated the message. |
| Implicit | urn:oasis:names:tc:SAML:2.0:consent:current-implicit | Specifies that user consent is implicitly acquired by the issuer of the message when the message was initiated. |
| Explicit | urn:oasis:names:tc:SAML:2.0:consent:current-explicit | Specifies that the user consent is explicitly acquired by the issuer of the message at the instance that the message was sent. |
| Unavailable | urn:oasis:names:tc:SAML:2.0:consent:unavailable | Specifies that the issuer of the message was not able to get consent from the user. |
| Inapplicable | urn:oasis:names:tc:SAML:2.0:consent:inapplicable | Specifies that the issuer of the message does not need to get or report the user consent. |

Follow the steps in this procedure to customize the consent to federate page.

Procedure

  1. Log in to the local management interface.
  2. Click Secure Federation > Global Settings > Template Files.
  3. Expand a locale and select saml20/consent_to_federate.html.
  4. Click Edit and add the appropriate consent values for your federation.
  5. Click Save.
  6. Deploy the changes.

Example

The following example shows an added URI with a consent value Obtained:
<input type="radio" checked name="Consent"
value="urn:oasis:names:tc:SAML:2.0:consent:obtained"/>
Consent Obtained.<br/>

In this example, the user consent is acquired by the issuer of the message.
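
A check that can be run on the edited template before deploying the changes, as an added example that is not part of the product or its documentation: it parses the form and reports any Consent value that is not 1, 0, or one of the URIs in Table 1. The function names and the sample fragment are constructed for illustration, and the pre-checked test assumes radio buttons as in the example above.

```python
from html.parser import HTMLParser

# Values this page lists as supported for the Consent field.
_URN = "urn:oasis:names:tc:SAML:2.0:consent:"
SUPPORTED = {"1", "0"} | {_URN + s for s in (
    "unspecified", "obtained", "prior", "current-implicit",
    "current-explicit", "unavailable", "inapplicable")}


class ConsentInputs(HTMLParser):
    """Collects (value, checked) for every <input name="Consent">."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") == "Consent":
            self.found.append((a.get("value"), "checked" in a))


def check_template(html):
    """Return a list of problems found in the consent inputs of a template."""
    parser = ConsentInputs()
    parser.feed(html)
    problems = []
    if not parser.found:
        problems.append("no Consent input found")
    for value, _ in parser.found:
        # Exact match only: stray spaces or a doubled prefix are rejected.
        if value not in SUPPORTED:
            problems.append(f"unsupported consent value: {value!r}")
    if sum(1 for _, checked in parser.found if checked) > 1:
        problems.append("more than one Consent option is pre-checked")
    return problems


# Constructed sample fragment (not the product's shipped template).
SAMPLE = """<form method="post">
<input type="radio" checked name="Consent"
 value="urn:oasis:names:tc:SAML:2.0:consent:obtained"/> Consent Obtained.<br/>
<input type="radio" name="Consent" value="0"/> Refuse.<br/>
<input type="radio" name="Consent"
 value="urn:oasis:names:tc: SAML:2.0:consent: prior"/> Prior.<br/>
</form>"""

if __name__ == "__main__":
    print("\n".join(check_template(SAMPLE)))
```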