Sun OpenSSO Enterprise 8.0 Administration Guide

Redirecting Users After Role Authentication

After a successful or failed role authentication, OpenSSO Enterprise looks up where to redirect the user. The lists below give the order of precedence in which the application checks for this information.

Successful Role Authentication Redirection URL Precedence

The redirection URL for successful role authentication is determined by checking the following places in order of precedence:

  1. A URL set by the authentication module.

  2. A URL set by a goto login URL parameter.

  3. The value of the Success URL attribute in the user's profile specific to the client type from which the request was received.

  4. The value of the Success URL attribute in the role entry of the user's profile specific to the client type from which the request was received.

  5. The value of the Success URL attribute in another role entry of the user's profile specific to the client type from which the request was received. (This option is a fallback if the previous redirection URL fails.)

  6. The value of the Default Success Login URL attribute in the realm of which the user is a member, specific to the client type from which the request was received.

  7. The value of the Default Success Login URL attribute in the top level realm specific to the client type from which the request was received.

  8. The value of the Success URL attribute in the user's profile.

  9. The value of the Success URL attribute in the role entry of the user's profile.

  10. The value of the Success URL attribute in another role entry of the user's profile. (This option is a fallback if the previous redirection URL fails.)

  11. The value of the Default Success Login URL attribute in the realm of which the user is a member.

  12. The value of the Default Success Login URL attribute in the top level realm.
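
The lookup order above, modelled as an added example (this is not OpenSSO code): the resolver walks the twelve steps and reports which one supplied the URL, so a reviewer can see when the request's goto parameter overrides configured attributes. The dictionary layout, the function names and the sample URLs are assumptions, and an unset value is assumed to be the only reason a step is skipped.

```python
# Added model of the documented precedence; names and data layout are hypothetical.
# Each attribute maps a client type to a URL; the key None holds the generic value.
# Constructed sample data:
SAMPLE = {
    "module_url": None,                      # step 1: set by the authentication module
    "goto": None,                            # step 2: taken from the login request
    "user": {},
    "role": {"genericHTML": "https://portal.example.com/hr"},
    "other_roles": [{None: "https://portal.example.com/staff"}],
    "realm": {None: "https://portal.example.com/home"},
    "top_realm": {None: "https://sso.example.com/console"},
}


def candidates(src, client_type):
    """Yield (step, source, url) in the documented order of precedence."""
    yield 1, "authentication module", src.get("module_url")
    yield 2, "goto parameter", src.get("goto")
    # Steps 3-7 use client-type-specific values, steps 8-12 the generic ones.
    for base, key in ((3, client_type), (8, None)):
        yield base, "user Success URL", src["user"].get(key)
        yield base + 1, "role Success URL", src["role"].get(key)
        for other in src["other_roles"]:
            yield base + 2, "other role Success URL", other.get(key)
        yield base + 3, "realm Default Success Login URL", src["realm"].get(key)
        yield base + 4, "top-level realm Default Success Login URL", src["top_realm"].get(key)


def resolve_success_url(src, client_type):
    """Return (step, source, url, request_controlled) for the first URL that is set."""
    for step, source, url in candidates(src, client_type):
        if url:
            # Only step 2 comes from the login request rather than from configuration.
            return step, source, url, step == 2
    return None


if __name__ == "__main__":
    print(resolve_success_url(SAMPLE, "genericHTML"))
    print(resolve_success_url(dict(SAMPLE, goto="https://other.example.net/"), "genericHTML"))
```
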

Failed Role Authentication Redirection URL Precedence

The redirection URL for failed role authentication is determined by checking the following places in order of precedence:

  1. A URL set by the authentication module.

  2. A URL set by a gotoOnFail login URL parameter.

  3. The value of the Failure URL attribute in the user's profile specific to the client type from which the request was received.

  4. The value of the Failure URL attribute in the role entry of the user's profile specific to the client type from which the request was received.

  5. The value of the Default Failure Login URL attribute in the realm entry of the user's profile specific to the client type from which the request was received.

  6. The value of the Default Failure Login URL attribute in the top level realm specific to the client type from which the request was received.

  7. The value of the Failure URL attribute in the user's profile.

  8. The value of the Failure URL attribute in the role entry of the user's profile.

  9. The value of the Default Failure Login URL attribute in the realm entry of the user's profile.

  10. The value of the Default Failure Login URL attribute in the top level realm.

  11. The value of the Success URL attribute in the role entry of the user's profile.

  12. The value of the Success URL attribute in another role entry of the user's profile. (This option is a fallback if the previous redirection URL fails.)