Service extensions

Prev Next

Maverics can be extended using service extensions, which are custom, Golang code that support arbitrary functionality such as retrieving and constructing complex attributes or defining and evaluating policies with logic not pre-built into an Orchestrator. Service extensions give administrators the ability to customize the behavior of the Maverics Orchestrator to suit the particular needs of their integration.

Name

Description

OIDC

SAML

Proxy

isAuthenticatedSE

Determines if a user is already authenticated.

authenticateSE

Controls the authentication behavior.

isAuthorizedSE

Overrides the default authorization behavior.

buildClaimsSE

Customizes attributes added to SAML 2.0 AttributeStatement.

buildRelayStateSE

Builds the RelayState parameter in an IDP-initiated login flow.

loadAttrsSE

Customizes how attributes are loaded, often from enterprise APIs.

accessToken

Defines configuration for the OAuth access token.

buildIDTokenClaimsSE

Customizes claims in the ID token.

buildAccessTokenClaimsSE

Customizes claims in the access token.

upstreamLogin

Determines if a request to an upstream application is authenticated.

createHeaderSE

Creates a custom HTTP header, often for attribute enrichment.

handleUnauthorizedSE

Overrides default behavior when access is denied.

modifyRequestSE

Modifies every request passing through the app.

modifyResponseSE

Modifies every response passing through the app.

Additional settings and configuration

After you’ve created a service extension, you can use the following fields to make additional selections on the service extension:

  • Assets: allows you to upload additional files to reference in your service extension. Maverics also supports allowed protected packages.

  • Providers: allows you to select one or more providers to use in the service extension. These provider configurations will be used in the user flow when the service extension is invoked.

  • Claims: allows you to include one or more claims for use in the headers section. (Available for the Authentication and Load Attributes service extensions only).

  • Metadata: Metadata is an arbitrary set of key-value pairs that can be made available to a given extension. The values can be referenced from within the Go code, making service extensions more flexible and the configuration more obvious.

Use the service extension code editor to configure a custom service extension. Our code editor provides errors when attempting to compile malformed code.

For more information on configuring a custom service extension and code examples, see the service extension repository. Additionally, the on-premises Orchestrator documentation on service extensions can serve as a helpful reference.