Maverics can be extended using service extensions, which are custom, Golang code that support arbitrary functionality such as retrieving and constructing complex attributes or defining and evaluating policies with logic not pre-built into an Orchestrator. Service extensions give administrators the ability to customize the behavior of the Maverics Orchestrator to suit the particular needs of their integration.
Name | Description | OIDC | SAML | Proxy |
|---|---|---|---|---|
isAuthenticatedSE | Determines if a user is already authenticated. | ✅ | ✅ | ✅ |
authenticateSE | Controls the authentication behavior. | ✅ | ✅ | ✅ |
isAuthorizedSE | Overrides the default authorization behavior. | ✅ | ✅ | ✅ |
buildClaimsSE | Customizes attributes added to SAML 2.0 AttributeStatement. | ✅ | ||
buildRelayStateSE | Builds the RelayState parameter in an IDP-initiated login flow. | ✅ | ||
loadAttrsSE | Customizes how attributes are loaded, often from enterprise APIs. | ✅ | ✅ | ✅ |
accessToken | Defines configuration for the OAuth access token. | ✅ | ||
buildIDTokenClaimsSE | Customizes claims in the ID token. | ✅ | ||
buildAccessTokenClaimsSE | Customizes claims in the access token. | ✅ | ||
upstreamLogin | Determines if a request to an upstream application is authenticated. | ✅ | ||
createHeaderSE | Creates a custom HTTP header, often for attribute enrichment. | ✅ | ||
handleUnauthorizedSE | Overrides default behavior when access is denied. | ✅ | ||
modifyRequestSE | Modifies every request passing through the app. | ✅ | ||
modifyResponseSE | Modifies every response passing through the app. | ✅ |
Additional settings and configuration
After you’ve created a service extension, you can use the following fields to make additional selections on the service extension:
Assets: allows you to upload additional files to reference in your service extension. Maverics also supports allowed protected packages.
Providers: allows you to select one or more providers to use in the service extension. These provider configurations will be used in the user flow when the service extension is invoked.
Claims: allows you to include one or more claims for use in the headers section. (Available for the Authentication and Load Attributes service extensions only).
Metadata: Metadata is an arbitrary set of key-value pairs that can be made available to a given extension. The values can be referenced from within the Go code, making service extensions more flexible and the configuration more obvious.
Use the service extension code editor to configure a custom service extension. Our code editor provides errors when attempting to compile malformed code.
For more information on configuring a custom service extension and code examples, see the service extension repository. Additionally, the on-premises Orchestrator documentation on service extensions can serve as a helpful reference.