Identity Gateway 2024.3

StaticResponseHandler

Creates a response to a request statically, or based on something in the context.

Usage

{
  "name": string,
  "type": "StaticResponseHandler",
  "config": {
    "status": configuration expression<number>,
    "reason": configuration expression<string>,
    "headers": {
       configuration expression<string>: [ runtime expression<string>, ... ], ...
    },
    "trailers": {
       configuration expression<string>: [ runtime expression<string>, ... ], ...
    },
    "entity": runtime expression<string> or [ runtime expression<string>, ... ]
  }
}

Properties

"status": Status object

The response status. For more information, refer to Status.

"reason": configuration expression<string>, optional

Used only for custom HTTP status codes. For more information, refer to Response Status Codes and Status Code Registry.

"headers": map, optional

One or more headers to set for a response, with the format name: [ value, …​ ], where:

  • name is a configuration expression<string> for a header name. If multiple expressions resolve to the same final string, name has multiple values.

  • value one or more a runtime expression<strings> for header values.

When the property entity is used, set a Content-Type header with the correct content type value. The following example sets the content type of a message entity in the response:

"headers": {
  "Content-Type": [ "text/html; charset=UTF-8" ]
}

The following example is used in federate-handler.json to redirect the original URI from the request:

"headers": {
  "Location": [
     "http://sp.example.com:8080/saml/SPInitiatedSSO"
  ]
}

Default: Empty

"trailers": map, optional

One or more trailers to set for a response, with the format name: [ value, …​ ], where:

  • name is a configuration expression<string> for a trailer name. If multiple expressions resolve to the same string, name has multiple values.

    The following trailer names are not allowed:

    • Message framing headers (for example, Transfer-Encoding and Content-Length)

    • Routing headers (for example, Host)

    • Request modifiers (for example, controls and conditionals such as Cache-Control, Max-Forwards, and TE)

    • Authentication headers (for example, Authorization and Set-Cookie)

    • Content-Encoding

    • Content-Type

    • Content-Range

    • Trailer

  • value is one or more runtime expression<strings> for trailer values.

Default: Empty

"entity": runtime expression<string> or array of runtime expression<string>, optional

The message entity body to include in a response.

If a Content-Type header is present, the entity must conform to the header and set the content length header automatically.

Methods are provided for accessing the entity as byte, string, or JSON content. For information, refer to Entity.

Attackers during reconnaissance can use response messages to identify information about a deployment. For security, limit the amount of information in messages, and avoid using words that help identify IG.

Default: Empty

Example

{
  "name": "ErrorHandler",
  "type":"StaticResponseHandler",
  "config": {
    "status": 500,
    "headers": {
      "Content-Type": [ "text/html; charset=UTF-8" ]
    },
    "entity": "<html><h2>Epic #FAIL</h2></html>"
  }
}
{
  "handler": {
    "type": "StaticResponseHandler",
    "config": {
      "status": 200,
      "headers": {
        "content-type": [ "text/html" ]
      },
      "entity": [
        "<html>",
        "  <body>",
        "    <h1>Request Details</h1>",
        "    <p>The path was: ${request.uri.path}<p>",
        "    <p>The query params were: ${toString(request.queryParams)}</p>",
        "    <p>The headers were: ${toString(request.headers.entrySet())}<p>",
        "  </body>",
        "</html>"
      ]
    }
  }
}
Copyright © 2010-2024 ForgeRock, all rights reserved.