Customize the Consent to Federate Page
A consent to federate page is an HTML form which prompts a user to give consent to joining a federation. We can customize the consent to federate page to specify what information it requests from a user.
Determine what values to use for the consent to federate page.
When a user accesses a federation, they agree to join the federation. The HTML form saml20/consent_to_federate.html prompts for this consent. We can customize what the form requests by adding consent values. These values indicate how a user agrees to join a federation and if service providers are notified of the consent. Identity providers receive the consent values in the SAML 2.0 response. The following values determine how a user joins a federation:
- 1: A user agrees to join a federation without notifying the service provider.
- 0: A user refuses to join a federation.
- A URI value: A URI can indicate whether the user agrees to join a federation and if we want to notify the service provider about the user consent. The following table lists and describes the supported URI values.
| Consent value | URI | Description |
|---|---|---|
| Unspecified | urn:oasis:names:tc:SAML:2.0:consent:unspecified | Consent of the user is not specified. |
| Obtained | urn:oasis:names:tc:SAML:2.0:consent:obtained | Specifies that user consent is acquired by the issuer of the message. |
| Prior | urn:oasis:names:tc:SAML:2.0:consent:prior | Specifies that user consent is acquired by the issuer of the message before the action which initiated the message. |
| Implicit | urn:oasis:names:tc:SAML:2.0:consent:current-implicit | Specifies that user consent is implicitly acquired by the issuer of the message when the message was initiated. |
| Explicit | urn:oasis:names:tc:SAML:2.0:consent:current-explicit | The user consent is explicitly acquired by the issuer of the message at the instance the message was sent. |
| Unavailable | urn:oasis:names:tc:SAML:2.0:consent:unavailable | The issuer of the message was not able to get consent from the user. |
| Inapplicable | urn:oasis:names:tc:SAML:2.0:consent:inapplicable | The issuer of the message does not need to get or report the user consent. |
Follow the steps in this procedure to customize the consent to federate page.
Steps
- Log in to the local management interface.
- Click Federation > Global Settings > Template Files.
- Expand a locale and select saml20/consent_to_federate.html.
- Click Edit and add the appropriate consent values for the federation.
- Click Save.
- Deploy the changes.
Example
The following example shows an added URI with a consent value Obtained:

    <input type="radio" checked name="Consent" value="urn:oasis:names:tc:SAML:2.0:consent:obtained"/> Consent Obtained.<br/>

In this example, the user consent is acquired by the issuer of the message.
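Before deploying an edited template, the `Consent` inputs can be checked against the values this page lists, which catches a mistyped or space-broken URI that would otherwise be sent in the SAML 2.0 response. The script below is an added example, not part of the product or the original page; the function and class names are assumptions, and the sample form is constructed rather than copied from the shipped template.

```python
from html.parser import HTMLParser

# Consent values listed on this page: 1, 0, and the SAML 2.0 consent URIs.
PREFIX = "urn:oasis:names:tc:SAML:2.0:consent:"
ALLOWED = {"1", "0"} | {PREFIX + s for s in (
    "unspecified", "obtained", "prior", "current-implicit",
    "current-explicit", "unavailable", "inapplicable")}

# Constructed sample form (not the shipped template); lines 5 and 6 are wrong.
SAMPLE = '''<form method="post" action="#">
<input type="radio" checked name="Consent" value="1"/> Yes<br/>
<input type="radio" name="Consent" value="0"/> No<br/>
<input type="radio" name="Consent" value="urn:oasis:names:tc:SAML:2.0:consent:obtained"/> Obtained<br/>
<input type="radio" name="Consent" value="urn:urn:oasis:names:tc:SAML:2.0:consent:prior"/> Prior<br/>
<input type="radio" name="Consent" value="urn:oasis:names:tc: SAML:2.0:consent: unavailable"/> Unavailable<br/>
</form>'''


class ConsentInputs(HTMLParser):
    """Collect (line, value) for every <input name="Consent"> in a template."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") == "Consent":
            self.found.append((self.getpos()[0], a.get("value")))


def check_template(html):
    """Return (line, problem) findings; an empty list means the form is clean."""
    parser = ConsentInputs()
    parser.feed(html)
    parser.close()
    if not parser.found:
        return [(0, "no Consent input found")]
    return [(line, f"unsupported consent value: {value!r}")
            for line, value in parser.found if value not in ALLOWED]


if __name__ == "__main__":
    for line, problem in check_template(SAMPLE):
        print(f"line {line}: {problem}")
```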