...
:edocs-since:11.5.3
Handling a validation step for SAML or oAuth users
Connections via SAML2 or OAUth2 allow you to create a new local user if it does not already exist.
It may be useful to create this user but not to immediately give him the right to access the platform and have the user go through a validation step.
In this case, it must be possible to inform users that their authentication has worked but that they must wait before using the platform.
The procedure for this client case is as follows:
In a user’s automatic creation mappings or in a "before insert" trigger, the user’s "activated" field must be set to "false".
In this case, during the authentication procedure (when athe identity server returns a positive answer), an instance of "wsnoheto.engine.login.sso.UserDisabled" is added to the session in the attribute "wsnoheto.engine.login.sso.UserDisabled".
This object (present in the JavaDoc) makes it possible to find the user object just created in idle state.
Just use this session attribute in your login page to display information about the validation process the user should follow.