Rendering of agreements for IdP endpoints


Presenting agreements to users

Rendering of agreements should be on a separate screen, shown after authN, before consent and before active attribute value selection. Note that consent skip checking must be modified to also check if new agreements are to be shown. UI spec at the bottom part of:

This screen should be shown always when:

  •  at least one of the mandatory documents configured for the endpoint is not accepted in the latest version

  • at least one of the optional documents configured for the endpoint is not accepted in the latest version, and either was accepted previously in older revision, or was never seen by this user. I.e. for optional documents we ignore revision change for those users who previously said no to this agreement.

The agreement items should be filtered: those which contain documents accepted (not filling the above rules) should be skipped and should not be present on UI.

User should be only allowed to proceed after accepting all agreement items which contain mandatory documents.

Storing information

Information about policy agreement must be stored in an attribute in root group. Use single system attribute. Values should hold information as follows:

  • policy document id

  • policy document revision

  • acceptance status: accepted or notAccepted (only possible for optional)

  • timestamp when decision was recorded



Piotr Piernik





Epic Link

Fix versions